CVE-2025-65104

EUVD-2025-209528
Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
GitHub_MCNA
7.9 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
firebirdsqlfirebird
𝑥
< 4.0.0
CNA
Common Weakness Enumeration
References
https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.0
https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg