CVE-2025-0725

Published: May 2, 2025
When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.
HIGH
CVSS v3: 7.3

Status

DocFilters Release Package State Justification Comment
25.1 zlib (1.3) Needs Triage
24.4 zlib (1.3) Needs Triage
24.4.0 zlib (1.3) Needs Triage
24.3 zlib (1.3) Needs Triage
24.2.1 zlib (1.3) Needs Triage
24.2 zlib (1.3) Needs Triage
24.1 zlib (1.3) Needs Triage
23.3 zlib (1.3) Needs Triage
23.2.1 zlib (1.2.12) Needs Triage
23.2 zlib (1.2.12) Needs Triage
23.1 zlib (1.2.12) Needs Triage
22.4 zlib (1.2.12) Needs Triage
22.3 zlib (1.2.12) Needs Triage
22.2 zlib (1.2.12) Needs Triage
22.1 zlib (1.2.11) Needs Triage
21.11.1 zlib (1.2.11) Needs Triage
21.11 zlib (1.2.11) Needs Triage
21.8.1 zlib (1.2.11) Needs Triage
21.8 zlib (1.2.11) Needs Triage
21.5.1 zlib (1.2.11) Needs Triage
21.5.0 zlib (1.2.11) Needs Triage
21.2.0 zlib (1.2.11) Needs Triage
11.4.20 zlib (1.2.11) Needs Triage
11.4.19.3667 zlib (1.2.11) Needs Triage
11.4.18.3599 zlib (1.2.11) Needs Triage
11.4.17 zlib (1.2.11) Needs Triage
11.4.16.3445 zlib (1.2.11) Needs Triage
11.4.15.3368 zlib (1.2.11) Needs Triage
11.4.14.3263 zlib (1.2.11) Needs Triage
11.4.13.3179 zlib (1.2.11) Needs Triage
11.4.12.3054 zlib (1.2.11) Needs Triage
11.4.11.3040 zlib (1.2.11) Needs Triage
11.4.11.2990 zlib (1.2.11) Needs Triage
11.4.10.2934 zlib (1.2.11) Needs Triage
11.4.9.2878 zlib (1.2.11) Needs Triage
11.4.8.2822 zlib (1.2.11) Needs Triage

Severity score breakdown

Attack Complexity
LOW
Attack Vector
NETWORK
Availability Impact
LOW
Base Score
7.3
Base Severity
HIGH
Confidentiality Impact
LOW
Integrity Impact
LOW
Privileges Required
NONE
Scope
UNCHANGED
User Interaction
NONE
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Version
3.1

References