Vulnerability CVE-2025-65104: Information

Description

Firebird is an open-source relational database management system. In FB3 versions, the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher.

Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Published: April 17, 2026
Modified: April 24, 2026
Error type identifier: CWE-200

Fixed packages

| Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| firebird | sisyphus | 4.0.0.2496.0-alt1 | 5.0.4-alt1 | ALT-PU-2021-5083-1 | 281784 | Fixed |
| firebird | sisyphus_loongarch64 | 5.0.4-alt1 | 5.0.4-alt1 | ALT-PU-2026-7495-1 | - | Fixed |
| firebird | p11 | 5.0.4-alt1 | 5.0.4-alt1 | ALT-PU-2026-7136-2 | 417164 | Fixed |
| firebird | c10f2 | 4.0.0.2496.0-alt1 | 4.0.6-alt1 | ALT-PU-2021-5083-1 | 281784 | Fixed |

References to Advisories, Solutions, and Tools

    1. cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*
      End excluding: 3.0.14