CVE-2025-65104

EUVD-2025-209528
Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.9 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Affected Products (NVD)
VendorProductVersion
firebirdsqlfirebird
𝑥
< 3.0.14
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/FirebirdSQL/firebird/releases/tag/v4.0.0
https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg