CVE-2025-47712
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk29th percentile - higher than 29% of all known CVEs
Summary
A vulnerability in the nbdkit "blocksize" filter allows a malicious client to trigger an internal error by requesting block status information for an excessively large data range. This leads to a denial of service (DoS) of the nbdkit server.
Risk Assessment
An attacker can remotely crash the nbdkit server, blocking access to shared storage blocks and disrupting dependent services.
Recommendation
Immediately update nbdkit to a version containing the fix for CVE-2025-47712. If an update is not possible, restrict server access to trusted clients only.
Original NVD description (English source)
A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service.

