CVE-2025-47712

A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2025-47712	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2365724	Issue Tracking Third Party Advisory
https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/67E7AASHHADIY7VAD3FFW2I67LTWVWYF/	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:nbdkit_project:nbdkit:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:10.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_advanced_virtualization:8.0:::::::*

History

21 Aug 2025, 01:19

Type	Values Removed	Values Added
References	~~() https://access.redhat.com/security/cve/CVE-2025-47712 -~~	() https://access.redhat.com/security/cve/CVE-2025-47712 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2365724 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2365724 - Issue Tracking, Third Party Advisory
References	~~() https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/67E7AASHHADIY7VAD3FFW2I67LTWVWYF/ -~~	() https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/67E7AASHHADIY7VAD3FFW2I67LTWVWYF/ - Third Party Advisory
First Time		Nbdkit Project nbdkit Redhat enterprise Linux Redhat Nbdkit Project Redhat enterprise Linux Advanced Virtualization
CPE		cpe:2.3:a:nbdkit_project:nbdkit:-:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux_advanced_virtualization:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux:7.0:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux:10.0:::::::*

29 Jul 2025, 19:15

Type	Values Removed	Values Added
References		() https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/67E7AASHHADIY7VAD3FFW2I67LTWVWYF/ -

09 Jun 2025, 12:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-09 06:15

Updated : 2025-08-21 01:19

NVD link : CVE-2025-47712

Mitre link : CVE-2025-47712

CVE.ORG link : CVE-2025-47712

JSON object : View

Products Affected

redhat

enterprise_linux_advanced_virtualization
enterprise_linux

nbdkit_project

nbdkit

CWE

CWE-190

Integer Overflow or Wraparound

4.3 /10