Description

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.

INFO

Published Date: 2025-02-05T09:18:20.468Z

Last Modified: 2025-06-12T16:04:29.956Z

Source: curl

AFFECTED PRODUCTS

The following products are affected by the CVE-2025-0725 vulnerability.

Vendors and products:

Haxx
  • Curl
  • Libcurl
Netapp
  • Hci Baseboard Management Controller
  • Hci H610c
  • Hci H610c Firmware
  • Hci H610s
  • Hci H610s Firmware
  • Hci H615c
  • Hci H615c Firmware
  • Solidfire & Hci Management Node
  • Solidfire & Hci Storage Node
Zlib
  • Zlib

CVSS Vulnerability Scoring System

Vector metrics: Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality Impact, Integrity Impact, Availability Impact