CVE-2025-0725 - Vulnerability Details

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Haxx	Curl Libcurl
Netapp	Hci Baseboard Management Controller Hci H610c Hci H610c Firmware Hci H610s Hci H610s Firmware Hci H615c Hci H615c Firmware Solidfire \& Hci Management Node Solidfire \& Hci Storage Node
Zlib	Zlib

Configuration 1 [-]

cpe:2.3:a:netapp:hci_baseboard_management_controller:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:netapp:hci_h610s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:hci_h610s:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:netapp:hci_h610c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:hci_h610c:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:netapp:hci_h615c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:hci_h615c:-:*:*:*:*:*:*:*

Configuration 5 [-]

OR	cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:::::::*
	cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:::::::*

Configuration 6 [-]

AND

OR	cpe:2.3:a:haxx:curl::::::::
	cpe:2.3:a:haxx:libcurl::::::::

cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2025/02/05/3
http://www.openwall.com/lists/oss-security/2025/02/06/2
http://www.openwall.com/lists/oss-security/2025/02/06/4
https://curl.se/docs/CVE-2025-0725.html
https://curl.se/docs/CVE-2025-0725.json
https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7
https://hackerone.com/reports/2956023
https://nvd.nist.gov/vuln/detail/CVE-2025-0725
https://security.netapp.com/advisory/ntap-20250306-0009/
https://www.cve.org/CVERecord?id=CVE-2025-0725

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00215}`	epss `{'score': 0.0023}`

Fri, 27 Jun 2025 19:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Zlib Zlib zlib
CPEs		cpe:2.3:a:zlib:zlib::::::::
Vendors & Products		Zlib Zlib zlib

Thu, 12 Jun 2025 16:30:00 +0000

Type	Values Removed	Values Added
References		https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7

Tue, 13 May 2025 19:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Haxx Haxx curl Haxx libcurl Netapp Netapp hci Baseboard Management Controller Netapp hci H610c Netapp hci H610c Firmware Netapp hci H610s Netapp hci H610s Firmware Netapp hci H615c Netapp hci H615c Firmware Netapp solidfire \& Hci Management Node Netapp solidfire \& Hci Storage Node
Weaknesses		CWE-120
CPEs		cpe:2.3:a:haxx:curl:::::::: cpe:2.3:a:haxx:libcurl:::::::: cpe:2.3:a:netapp:hci_baseboard_management_controller:-:::::::* cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:::::::* cpe:2.3:a:netapp:solidfire_\&_hci_storage_node:-:::::::* cpe:2.3:h:netapp:hci_h610c:-:::::::* cpe:2.3:h:netapp:hci_h610s:-:::::::* cpe:2.3:h:netapp:hci_h615c:-:::::::* cpe:2.3:o:netapp:hci_h610c_firmware:-:::::::* cpe:2.3:o:netapp:hci_h610s_firmware:-:::::::* cpe:2.3:o:netapp:hci_h615c_firmware:-:::::::*
Vendors & Products		Haxx Haxx curl Haxx libcurl Netapp Netapp hci Baseboard Management Controller Netapp hci H610c Netapp hci H610c Firmware Netapp hci H610s Netapp hci H610s Firmware Netapp hci H615c Netapp hci H615c Firmware Netapp solidfire \& Hci Management Node Netapp solidfire \& Hci Storage Node

Fri, 07 Mar 2025 01:30:00 +0000

Type	Values Removed	Values Added
References		https://security.netapp.com/advisory/ntap-20250306-0009/

Fri, 07 Feb 2025 14:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-680
References		https://nvd.nist.gov/vuln/detail/CVE-2025-0725 https://www.cve.org/CVERecord?id=CVE-2025-0725
Metrics	threat_severity `None`	threat_severity `Low`

Thu, 06 Feb 2025 19:45:00 +0000

Type	Values Removed	Values Added
References		http://www.openwall.com/lists/oss-security/2025/02/06/4

Thu, 06 Feb 2025 11:30:00 +0000

Type	Values Removed	Values Added
References		http://www.openwall.com/lists/oss-security/2025/02/06/2

Wed, 05 Feb 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 05 Feb 2025 11:45:00 +0000

Type	Values Removed	Values Added
References		http://www.openwall.com/lists/oss-security/2025/02/05/3

Wed, 05 Feb 2025 09:30:00 +0000

Type	Values Removed	Values Added
Description		When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, using zlib 1.2.0.3 or older, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.
Title		gzip integer overflow
References		https://curl.se/docs/CVE-2025-0725.html https://curl.se/docs/CVE-2025-0725.json https://hackerone.com/reports/2956023

MITRE

Status: PUBLISHED

Assigner: curl

Published: 2025-02-05T09:18:20.468Z

Updated: 2025-06-12T16:04:29.956Z

Reserved: 2025-01-27T04:58:09.514Z

Link: CVE-2025-0725

Vulnrichment

Updated: 2025-06-12T16:04:29.956Z

NVD

Status : Analyzed

Published: 2025-02-05T10:15:22.980

Modified: 2025-06-27T19:24:08.327

Link: CVE-2025-0725

Redhat

Severity : Low

Publid Date: 2025-02-05T09:18:20Z

Links: CVE-2025-0725 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Exploitation poc

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object