CVE-2025-65104
Received Received - Intake
Information Leak in Firebird FB3 Client Library XSQLDA Fields

Publication date: 2026-04-17

Last updated on: 2026-04-24

Assigner: GitHub, Inc.

Description
Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-17
Last Modified
2026-04-24
Generated
2026-06-16
AI Q&A
2026-04-18
EPSS Evaluated
2026-06-15
NVD
CVE-2025-65104
EUVD
EUVD-2025-209528
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
firebirdsql firebird to 3.0.14 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability in Firebird client library versions prior to FB4 causes an information leak due to incorrect data length values in XSQLDA fields when communicating with FB4 or higher servers.

Such an information leak could potentially expose sensitive data, which may impact compliance with data protection regulations like GDPR and HIPAA that require safeguarding personal and health information.

However, specific impacts on compliance with these standards are not detailed in the provided information.

Executive Summary

This vulnerability exists in the Firebird open-source relational database management system, specifically in versions of the FB3 client library. The issue occurs because the FB3 client library places incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers. This incorrect data handling results in an information leak.

The vulnerability can be resolved by upgrading to the FB4 client or a higher version.

Impact Analysis

This vulnerability can lead to an information leak due to incorrect data length values being placed into XSQLDA fields during communication between the client and server. Such leaks may expose sensitive or confidential data unintentionally.

The CVSS v3.1 base score of 7.9 indicates a high severity, with impacts including low confidentiality loss, high integrity loss, and low availability loss.

Mitigation Strategies

The vulnerability can be mitigated by upgrading the Firebird client library to version FB4 or higher.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65104. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart