CVE-2025-36520

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-36520
A null pointer dereference vulnerability exists in the net_connectmsg Protocol Buffer Message functionality of Bloomberg Comdb2 8.1. A specially crafted network packets can lead to a denial of service. An attacker can send packets to trigger this vulnerability.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2197 Exploit Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2197 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:bloomberg:comdb2:8.1:*:*:*:*:*:*:*
History

22 Aug 2025, 16:18

Type Values Removed Values Added
References () https://talosintelligence.com/vulnerability_reports/TALOS-2025-2197 - () https://talosintelligence.com/vulnerability_reports/TALOS-2025-2197 - Exploit, Third Party Advisory
CPE cpe:2.3:a:bloomberg:comdb2:8.1:*:*:*:*:*:*:*
First Time Bloomberg
Bloomberg comdb2

23 Jul 2025, 15:15

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de desreferencia de puntero nulo en la funcionalidad de mensajes de búfer de protocolo net_connectmsg de Bloomberg Comdb2 8.1. Un paquete de red especialmente manipulado puede provocar una denegación de servicio. Un atacante puede enviar paquetes para activar esta vulnerabilidad.
References () https://talosintelligence.com/vulnerability_reports/TALOS-2025-2197 - () https://talosintelligence.com/vulnerability_reports/TALOS-2025-2197 -

22 Jul 2025, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-22 16:15

Updated : 2025-08-22 16:18

NVD link : CVE-2025-36520

Mitre link : CVE-2025-36520

CVE.ORG link : CVE-2025-36520

JSON object : View

Products Affected

bloomberg

  • comdb2
CWE
CWE-476

NULL Pointer Dereference