{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10158", "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "state": "PUBLISHED", "assignerShortName": "rapid7", "dateReserved": "2025-09-09T11:15:17.585Z", "datePublished": "2025-11-18T14:24:19.210Z", "dateUpdated": "2025-11-19T16:48:56.591Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "rsync", "vendor": "rsync", "versions": [{"lessThanOrEqual": "3.4.1", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Calum Hutton"}], "datePublic": "2025-11-18T14:20:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue."}], "value": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7", "dateUpdated": "2025-11-18T14:45:58.065Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f"}, {"tags": ["technical-description"], "url": "https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1"}], "source": {"discovery": "UNKNOWN"}, "timeline": [{"lang": "en", "time": "2025-03-19T06:11:00.000Z", "value": "Rapid7 makes initial outreach to rsync maintainers"}, {"lang": "en", "time": "2025-03-19T10:04:00.000Z", "value": "Rsync maintainers confirm outreach"}, {"lang": "en", "time": "2025-03-20T10:34:00.000Z", "value": "Rapid7 provides rsync maintainers a technical writeup and PoC to reproduce the issue"}, {"lang": "en", "time": "2025-04-02T03:05:00.000Z", "value": "Rapid7 requests confirmation of findings"}, {"lang": "en", "time": "2025-04-06T09:30:00.000Z", "value": "Rsync maintainers indicate more time is needed"}, {"lang": "en", "time": "2025-04-16T05:31:00.000Z", "value": "Rsync maintainers reproduce the issue and dispute its security impact due to uncertainty around viability of heap manipulation during exploitation"}, {"lang": "en", "time": "2025-04-17T01:56:00.000Z", "value": "Rapid7 indicates manipulating the heap is nuanced and CVE assignment is both prudent and best practice in this instance"}, {"lang": "en", "time": "2025-05-07T09:08:00.000Z", "value": "Rapid7 requests an update"}, {"lang": "en", "time": "2025-05-12T06:08:00.000Z", "value": "Rsync maintainers indicate a pull request to fix the issue is forthcoming"}, {"lang": "en", "time": "2025-05-28T09:40:00.000Z", "value": "Rapid7 requests an update"}, {"lang": "en", "time": "2025-06-17T04:19:00.000Z", "value": "Rapid7 requests an update"}, {"lang": "en", "time": "2025-08-18T11:59:00.000Z", "value": "Rapid7 requests an update"}, {"lang": "en", "time": "2025-08-23T09:17:00.000Z", "value": "Rsync maintainers indicate a pull request to remediate the issue has been made and a feature release is forthcoming"}, {"lang": "en", "time": "2025-09-02T04:23:00.000Z", "value": "Rapid7 indicates intention to assign a CVE and perform a coordinated disclosure with the rsync maintainers upon the upcoming feature release"}, {"lang": "en", "time": "2025-09-09T11:18:00.000Z", "value": "Rapid7 provides rsync maintainers a reserved CVE identifier and requests the date for the expected feature release"}, {"lang": "en", "time": "2025-11-11T04:42:00.000Z", "value": "Rapid7 indicates intention to publish the CVE record on November 18, 2025."}, {"lang": "en", "time": "2025-11-18T14:00:00.000Z", "value": "This disclosure"}], "title": "Rsync: Out of bounds array access via negative index", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-19T16:15:02.998218Z", "id": "CVE-2025-10158", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-19T16:48:56.591Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "Rsync: Out of bounds array access via negative index", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Calum Hutton"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "rsync", "product": "rsync", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.4.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-03-19T06:11:00.000Z", "value": "Rapid7 makes initial outreach to rsync maintainers"}, {"lang": "en", "time": "2025-03-19T10:04:00.000Z", "value": "Rsync maintainers confirm outreach"}, {"lang": "en", "time": "2025-03-20T10:34:00.000Z", "value": "Rapid7 provides rsync maintainers a technical writeup and PoC to reproduce the issue"}, {"lang": "en", "time": "2025-04-02T03:05:00.000Z", "value": "Rapid7 requests confirmation of findings"}, {"lang": "en", "time": "2025-04-06T09:30:00.000Z", "value": "Rsync maintainers indicate more time is needed"}, {"lang": "en", "time": "2025-04-16T05:31:00.000Z", "value": "Rsync maintainers reproduce the issue and dispute its security impact due to uncertainty around viability of heap manipulation during exploitation"}, {"lang": "en", "time": "2025-04-17T01:56:00.000Z", "value": "Rapid7 indicates manipulating the heap is nuanced and CVE assignment is both prudent and best practice in this instance"}, {"lang": "en", "time": "2025-05-07T09:08:00.000Z", "value": "Rapid7 requests an update"}, {"lang": "en", "time": "2025-05-12T06:08:00.000Z", "value": "Rsync maintainers indicate a pull request to fix the issue is forthcoming"}, {"lang": "en", "time": "2025-05-28T09:40:00.000Z", "value": "Rapid7 requests an update"}, {"lang": "en", "time": "2025-06-17T04:19:00.000Z", "value": "Rapid7 requests an update"}, {"lang": "en", "time": "2025-08-18T11:59:00.000Z", "value": "Rapid7 requests an update"}, {"lang": "en", "time": "2025-08-23T09:17:00.000Z", "value": "Rsync maintainers indicate a pull request to remediate the issue has been made and a feature release is forthcoming"}, {"lang": "en", "time": "2025-09-02T04:23:00.000Z", "value": "Rapid7 indicates intention to assign a CVE and perform a coordinated disclosure with the rsync maintainers upon the upcoming feature release"}, {"lang": "en", "time": "2025-09-09T11:18:00.000Z", "value": "Rapid7 provides rsync maintainers a reserved CVE identifier and requests the date for the expected feature release"}, {"lang": "en", "time": "2025-11-11T04:42:00.000Z", "value": "Rapid7 indicates intention to publish the CVE record on November 18, 2025."}, {"lang": "en", "time": "2025-11-18T14:00:00.000Z", "value": "This disclosure"}], "datePublic": "2025-11-18T14:20:00.000Z", "references": [{"url": "https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f", "tags": ["patch"]}, {"url": "https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1", "tags": ["technical-description"]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue.", "supportingMedia": [{"type": "text/html", "value": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index"}]}], "providerMetadata": {"orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7", "dateUpdated": "2025-11-18T14:45:58.065Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10158", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-19T16:15:02.998218Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2025-11-19T16:15:07.191Z"}}]}, "cveMetadata": {"cveId": "CVE-2025-10158", "state": "PUBLISHED", "dateUpdated": "2025-11-18T14:45:58.065Z", "dateReserved": "2025-09-09T11:15:17.585Z", "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "datePublished": "2025-11-18T14:24:19.210Z", "assignerShortName": "rapid7"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue."}], "id": "CVE-2025-10158", "lastModified": "2025-11-19T19:15:16.750", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-11-18T15:16:25.433", "references": [{"source": "[email protected]", "url": "https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1"}, {"source": "[email protected]", "url": "https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-129"}], "source": "[email protected]", "type": "Secondary"}]}

{"bugzilla": {"description": "rsync: Rsync: Out of bounds array access via negative index", "id": "2415637", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415637"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "status": "draft"}, "cwe": "CWE-129", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-10158", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "rsync", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "rsync", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "rsync", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "rsync", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "rsync", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-11-18T14:24:19Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-10158\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-10158\nhttps://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1\nhttps://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f"], "threat_severity": "Moderate"}