Vulnerability Details : CVE-2025-0725
When libcurl is asked to perform automatic gzip decompression of
content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,
**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would
make libcurl perform a buffer overflow.
Vulnerability category: Overflow
Exploit prediction scoring system (EPSS) score for CVE-2025-0725
EPSS score: 0.21% (probability of exploitation activity in the next 30 days)
Percentile: ~41% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2025-0725
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.3 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 3.9 | 3.4 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-02-05 |
References for CVE-2025-0725
- http://www.openwall.com/lists/oss-security/2025/02/06/4
  oss-security - Re: [SECURITY ADVISORY] curl: CVE-2025-0725: gzip integer overflow
- https://hackerone.com/reports/2956023
- https://curl.se/docs/CVE-2025-0725.html
  curl - gzip integer overflow - CVE-2025-0725
- https://security.netapp.com/advisory/ntap-20250306-0009/
  CVE-2025-0725 Libcurl Vulnerability in NetApp Products | NetApp Product Security
- http://www.openwall.com/lists/oss-security/2025/02/06/2
  oss-security - Re: [SECURITY ADVISORY] curl: CVE-2025-0725: gzip integer overflow
- https://curl.se/docs/CVE-2025-0725.json
- http://www.openwall.com/lists/oss-security/2025/02/05/3
  oss-security - [SECURITY ADVISORY] curl: CVE-2025-0725: gzip integer overflow