ГлавнаяУязвимости → CVE-2025-0725
7.3высокая

CVE-2025-0725

→ есть в БДУ: BDU:2025-01585 (на русском)
Описание (на английском; русское — в БДУ выше)

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.

Затрагиваемое ПО
Netapp Hci baseboard management controllerNetapp Hci h610s firmwareNetapp Hci h610sNetapp Hci h610c firmwareNetapp Hci h610cNetapp Hci h615c firmwareNetapp Hci h615cNetapp Solidfire \& hci management nodeNetapp Solidfire \& hci storage nodeHaxx CurlHaxx LibcurlZlib Zlib
CVSS
Балл7.3 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Источники
https://curl.se/docs/CVE-2025-0725.htmlhttps://curl.se/docs/CVE-2025-0725.jsonhttps://hackerone.com/reports/2956023http://www.openwall.com/lists/oss-security/2025/02/05/3http://www.openwall.com/lists/oss-security/2025/02/06/2http://www.openwall.com/lists/oss-security/2025/02/06/4https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7https://security.netapp.com/advisory/ntap-20250306-0009/