{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6375", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-06-19T15:22:10.813Z", "datePublished": "2025-06-21T00:31:06.881Z", "dateUpdated": "2025-06-23T14:44:10.943Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-21T00:31:06.881Z"}, "title": "poco MultipartReader.cpp MultipartInputStream null pointer dereference", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "NULL Pointer Dereference"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "n/a", "product": "poco", "versions": [{"version": "1.14.0", "status": "affected"}, {"version": "1.14.1", "status": "affected"}, {"version": "1.14.2", "status": "unaffected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "Eine problematische Schwachstelle wurde in poco bis 1.14.1 ausgemacht. Davon betroffen ist die Funktion MultipartInputStream der Datei Net/src/MultipartReader.cpp. Mit der Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 1.14.2 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2025-06-19T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-06-19T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-06-19T17:27:24.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "JJLeo (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.313370", "name": "VDB-313370 | poco MultipartReader.cpp MultipartInputStream null pointer dereference", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.313370", "name": "VDB-313370 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.597446", "name": "Submit #597446 | Applied Informatics Software Engineering GmbH poco poco 1.14.1 (commit 530c2ef) NULL Pointer Dereference", "tags": ["third-party-advisory"]}, {"url": "https://github.com/pocoproject/poco/issues/4915", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/user-attachments/files/19524599/poco_crash.txt", "tags": ["exploit"]}, {"url": "https://github.com/pocoproject/poco/commit/6f2f85913c191ab9ddfb8fae781f5d66afccf3bf", "tags": ["exploit", "patch"]}, {"url": "https://github.com/pocoproject/poco/releases/tag/poco-1.14.2-release", "tags": ["exploit", "patch"]}]}, "adp": [{"references": [{"url": "https://github.com/pocoproject/poco/issues/4915", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-23T14:44:07.184574Z", "id": "CVE-2025-6375", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-23T14:44:10.943Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6375", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-23T14:44:07.184574Z"}}}], "references": [{"url": "https://github.com/pocoproject/poco/issues/4915", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-23T14:44:02.154Z"}}], "cna": {"title": "poco MultipartReader.cpp MultipartInputStream null pointer dereference", "credits": [{"lang": "en", "type": "reporter", "value": "JJLeo (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"vendor": "n/a", "product": "poco", "versions": [{"status": "affected", "version": "1.14.0"}, {"status": "affected", "version": "1.14.1"}, {"status": "unaffected", "version": "1.14.2"}]}], "timeline": [{"lang": "en", "time": "2025-06-19T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-06-19T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-06-19T17:27:24.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.313370", "name": "VDB-313370 | poco MultipartReader.cpp MultipartInputStream null pointer dereference", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.313370", "name": "VDB-313370 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.597446", "name": "Submit #597446 | Applied Informatics Software Engineering GmbH poco poco 1.14.1 (commit 530c2ef) NULL Pointer Dereference", "tags": ["third-party-advisory"]}, {"url": "https://github.com/pocoproject/poco/issues/4915", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/user-attachments/files/19524599/poco_crash.txt", "tags": ["exploit"]}, {"url": "https://github.com/pocoproject/poco/commit/6f2f85913c191ab9ddfb8fae781f5d66afccf3bf", "tags": ["exploit", "patch"]}, {"url": "https://github.com/pocoproject/poco/releases/tag/poco-1.14.2-release", "tags": ["exploit", "patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "Eine problematische Schwachstelle wurde in poco bis 1.14.1 ausgemacht. Davon betroffen ist die Funktion MultipartInputStream der Datei Net/src/MultipartReader.cpp. Mit der Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff muss lokal passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 1.14.2 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "NULL Pointer Dereference"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "Denial of Service"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-21T00:31:06.881Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6375", "state": "PUBLISHED", "dateUpdated": "2025-06-23T14:44:10.943Z", "dateReserved": "2025-06-19T15:22:10.813Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-06-21T00:31:06.881Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the affected component."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en poco hasta la versi\u00f3n 1.14.1. Se ha clasificado como problem\u00e1tica. Este problema afecta a la funci\u00f3n MultipartInputStream del archivo Net/src/MultipartReader.cpp. La manipulaci\u00f3n provoca la desreferenciaci\u00f3n de puntero nulo. El ataque debe abordarse localmente. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Actualizar a la versi\u00f3n 1.14.2 puede solucionar este problema. El parche se identifica como 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. Se recomienda actualizar el componente afectado."}], "id": "CVE-2025-6375", "lastModified": "2025-06-23T20:16:21.633", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-06-21T01:15:29.463", "references": [{"source": "[email protected]", "url": "https://github.com/pocoproject/poco/commit/6f2f85913c191ab9ddfb8fae781f5d66afccf3bf"}, {"source": "[email protected]", "url": "https://github.com/pocoproject/poco/issues/4915"}, {"source": "[email protected]", "url": "https://github.com/pocoproject/poco/releases/tag/poco-1.14.2-release"}, {"source": "[email protected]", "url": "https://github.com/user-attachments/files/19524599/poco_crash.txt"}, {"source": "[email protected]", "url": "https://vuldb.com/?ctiid.313370"}, {"source": "[email protected]", "url": "https://vuldb.com/?id.313370"}, {"source": "[email protected]", "url": "https://vuldb.com/?submit.597446"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/pocoproject/poco/issues/4915"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}, {"lang": "en", "value": "CWE-476"}], "source": "[email protected]", "type": "Secondary"}]}

{}