CVE-2025-10158

EUVD-2025-198005
A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The 

malicious 

rsync client requires at least read access to the remote rsync module in order to trigger the issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
rapid7CNA
4.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Debian logo
Debian Releases
Debian Product
Codename
rsync
bookworm
3.2.7-1+deb12u4
fixed
bookworm (security)
vulnerable
bullseye
ignored
bullseye (security)
vulnerable
forky
3.4.1+ds1-7
fixed
sid
3.4.1+ds1-7
fixed
trixie
3.4.1+ds1-5+deb13u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rsync
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
ignored
questing
needs-triage
trusty
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1
https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f