CVE-2025-48498
BaseFortify

Publication date: 2025-07-22

Last updated on: 2025-11-03

Assigner: Talos

Description
A null pointer dereference vulnerability exists in the Distributed Transaction component of Bloomberg Comdb2 8.1 when processing a number of fields used for coordination. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database instance over TCP and send the crafted message to trigger this vulnerability.
Meta Information
Published: 2025-07-22
Last Modified: 2025-11-03
Generated: 2026-05-07
AI Q&A: 2025-07-22
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: bloomberg
Product: comdb2
Version / Range: 8.1
CWE
CWE ID: CWE-476
Description: The product dereferences a pointer that it expects to be valid but is NULL.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is a null pointer dereference in the Distributed Transaction component of Bloomberg Comdb2 8.1. It occurs when processing certain fields used for coordination. An attacker can exploit this by sending a specially crafted protocol buffer message over TCP to a database instance, causing a denial of service.


How can this vulnerability impact me?

The vulnerability can lead to a denial of service condition, meaning an attacker can cause the Bloomberg Comdb2 database instance to crash or become unavailable by sending a crafted message, potentially disrupting services relying on the database.

