CVE-2025-6375
Publication date 21 June 2025
Last updated 25 June 2025
Ubuntu priority
A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the affected component.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| poco | 25.04 plucky |
Needs evaluation
|
| 24.10 oracular |
Needs evaluation
|
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| 14.04 LTS trusty |
Needs evaluation
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
3.3 · Low
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2025-6375
- https://github.com/pocoproject/poco/issues/4915
- https://github.com/pocoproject/poco/commit/6f2f85913c191ab9ddfb8fae781f5d66afccf3bf (poco-1.14.2-release)
- https://github.com/pocoproject/poco/commit/6f2f85913c191ab9ddfb8fae781f5d66afccf3bf
- https://github.com/pocoproject/poco/releases/tag/poco-1.14.2-release
- https://github.com/user-attachments/files/19524599/poco_crash.txt
- https://vuldb.com/?ctiid.313370
- https://vuldb.com/?id.313370
- https://vuldb.com/?submit.597446