CVE-2025-24975: Firebird Non-Authorized Access to Encrypted Database Using Execute Statement on External

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-24975

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Firebird Non-Authorized Access to Encrypted Database Using Execute Statement on External

Source: NVD (National Vulnerability Database)

Vulnerability Description

Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability of the CryptCallback interface is used when created versus what is available could result in a segfault in the server process. Encrypted databases, accessed by execute statement on external, may be accessed later by an attachment missing a key to that database. In a case when execute statement are chained, segfault may happen. Additionally, the segfault may affect unencrypted databases. This issue has been patched in snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and point releases 4.0.6 and 5.0.2. A workaround for this issue involves setting ExtConnPoolSize equal to 0 in firebird.conf.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

对因果或异常条件的不恰当检查

Source: NVD (National Vulnerability Database)

Vulnerability Title

Firebird 代码问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Firebird是Firebird基金会的一套开源跨平台的提供多个ANSI SQL-92功能的关系型数据库管理系统。 Firebird 4.0.6.3183之前版本、5.0.2.1610之前版本和6.0.0.609之前版本存在代码问题漏洞，该漏洞源于ExtConnPool连接验证不足可能导致分段违规。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
FirebirdSQL	firebird	< 6.0.0.609	-

II. Public POCs for CVE-2025-24975

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-24975

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same product: firebird

Same vendor: FirebirdSQL

Same weakness: CWE-754

V. Comments for CVE-2025-24975

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2025-24975

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-24975

III. Intelligence Information for CVE-2025-24975

IV. Related Vulnerabilities

V. Comments for CVE-2025-24975

Leave a comment