CVE Catalog

CVE-2025-47711

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.36%

28th percentile - higher than 28% of all known CVEs

Summary

A flaw exists in the nbdkit server when handling plugin responses about data block status. If a client requests a very large data range and a plugin responds with an even larger single block, the server may encounter a critical internal error, leading to a denial-of-service.

Risk Assessment

An attacker can remotely crash the nbdkit server, causing disruption of access to stored data and impacting dependent services.

Recommendation

Immediately update nbdkit to a patched version. If an update is not possible, restrict server access to trusted clients only.

Original NVD description (English source)

There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS