CVE-2025-0725

ADVISORY - nist

Summary

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.

EPSS Score⁠: 0.00135 (0.344)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-120⁠

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Impacted images

Advisories

NIST

CREATED

4 months ago

UPDATED

8 days ago

ADVISORY IDCVE-2025-0725⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-120⁠

CVSS SCORE

7.3high

Alpine

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY IDCVE-2025-0725⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

4 months ago

UPDATED

3 months ago

ADVISORY IDCVE-2025-0725⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY IDCVE-2025-0725⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Chainguard

CREATED

4 months ago

UPDATED

4 months ago

ADVISORY ID

CGA-378j-cghq-mmhg

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY