Firebird: Information leak vulnerability in firebird3 client when used with...

7.9 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L

Description

Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher.

Basic Information

ID CVE-2025-65104

Source GitHub_M

Published Apr 17, 2026 at 17:47

Modified Apr 17, 2026 at 18:25

Affected Product

Vendor FirebirdSQL

Product firebird

Version < 4.0.0

Affected Versions FirebirdSQL firebird < 4.0.0

CWE Classification

CWE-200

References

{
    "lastseen": "",
    "description": "Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher.",
    "published": "2026-04-17T17:47:42.109Z",
    "modified": "2026-04-17T18:25:11.941Z",
    "type": "cve",
    "title": "Firebird: Information leak vulnerability in firebird3 client when used with newer server",
    "source": "GitHub_M",
    "references": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhg\nhttps://github.com/FirebirdSQL/firebird/releases/tag/v4.0.0",
    "id": "CVE-2025-65104",
    "bulletinFamily": "",
    "cwe": [
        "CWE-200"
    ],
    "cvelist": null,
    "sourceData": "FirebirdSQL firebird < 4.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.9,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "firebird",
    "version": "< 4.0.0",
    "vendor": "FirebirdSQL",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Firebird: Information leak vulnerability in firebird3 client when used with newer server_CVE-2025-65104