Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-47712

A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service.

Published

2025-06-09T06:15:25.537

Last Modified

2025-08-21T01:19:08.157

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nbdkit_project	nbdkit	-	Yes
Operating System	redhat	enterprise_linux	7.0	No
Operating System	redhat	enterprise_linux	8.0	No
Operating System	redhat	enterprise_linux	9.0	No
Operating System	redhat	enterprise_linux	10.0	No
Operating System	redhat	enterprise_linux_advanced_virtualization	8.0	No

References

https://access.redhat.com/security/cve/CVE-2025-47712 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=2365724 Issue Tracking, Third Party Advisory ([email protected])
https://lists.libguestfs.org/archives/list/[email protected]/thread/67E7AASHHADIY7VAD3FFW2I67LTWVWYF/ Third Party Advisory ([email protected])