CVE-2025-6375

A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the affected component.

CVSS v3 3.3 LOW
CVSS v2.0 1.7 LOW

3.3^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.7^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 3.1 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/pocoproject/poco/commit/6f2f85913c191ab9ddfb8fae781f5d66afccf3bf
https://github.com/pocoproject/poco/issues/4915
https://github.com/pocoproject/poco/releases/tag/poco-1.14.2-release
https://github.com/user-attachments/files/19524599/poco_crash.txt
https://vuldb.com/?ctiid.313370
https://vuldb.com/?id.313370
https://vuldb.com/?submit.597446
https://github.com/pocoproject/poco/issues/4915

Configurations

No configuration.

History

23 Jun 2025, 15:15

Type	Values Removed	Values Added
References	~~() https://github.com/pocoproject/poco/issues/4915 -~~	() https://github.com/pocoproject/poco/issues/4915 -
Summary		(es) Se encontró una vulnerabilidad en poco hasta la versión 1.14.1. Se ha clasificado como problemática. Este problema afecta a la función MultipartInputStream del archivo Net/src/MultipartReader.cpp. La manipulación provoca la desreferenciación de puntero nulo. El ataque debe abordarse localmente. Se ha hecho público el exploit y puede que sea utilizado. Actualizar a la versión 1.14.2 puede solucionar este problema. El parche se identifica como 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. Se recomienda actualizar el componente afectado.

21 Jun 2025, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-21 01:15

Updated : 2025-06-23 20:16

NVD link : CVE-2025-6375

Mitre link : CVE-2025-6375

CVE.ORG link : CVE-2025-6375

JSON object : View

Products Affected

No product.

CWE

CWE-404

Improper Resource Shutdown or Release

CWE-476

NULL Pointer Dereference

3.3 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.7 /10

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2025-6375

3.3^/10

1.7^/10

Attach tags to `CVE-2025-6375`