CVE-2025-0725
Published: 05 February 2025
Description
When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.
Security Summary
CVE-2025-0725 is a buffer overflow vulnerability in libcurl triggered by an attacker-controlled integer overflow during automatic gzip decompression of content-encoded HTTP responses when the `CURLOPT_ACCEPT_ENCODING` option is enabled, specifically when using zlib 1.2.0.3 or older. This issue affects libcurl implementations configured for automatic decompression in such environments and is classified as CWE-120 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')). The vulnerability received a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) upon its publication on 2025-02-05.
A remote, unauthenticated attacker can exploit this vulnerability by controlling an HTTP response with gzip encoding that the target libcurl instance processes. Exploitation requires no user interaction or privileges and can occur over the network with low attack complexity. Successful exploitation leads to a buffer overflow, potentially resulting in limited impacts to confidentiality, integrity, and availability as per the CVSS assessment.
Official advisories and patch details are provided by the curl project at https://curl.se/docs/CVE-2025-0725.html and https://curl.se/docs/CVE-2025-0725.json, with additional context in the originating HackerOne report at https://hackerone.com/reports/2956023 and discussions on the oss-security mailing list at http://www.openwall.com/lists/oss-security/2025/02/05/3 and http://www.openwall.com/lists/oss-security/2025/02/06/2.
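The zlib precondition above can be checked from the library line that `curl --version` prints. The following is an added example, not code from the curl project: the function names and sample banners are constructed for illustration, and it tests only the zlib threshold stated in the description, so the libcurl version itself still has to be compared against the curl advisory.

```python
import re

# Threshold taken from the CVE description: zlib 1.2.0.3 or older.
ZLIB_THRESHOLD = (1, 2, 0, 3)


def parse_zlib_version(banner):
    """Return the zlib version in a `curl --version` banner as a 4-tuple, or None."""
    # Matches the "zlib/<version>" token; stops before suffixes such as ".zlib-ng".
    match = re.search(r"(?<![\w-])zlib/(\d+(?:\.\d+)*)", banner)
    if match is None:
        return None
    parts = [int(p) for p in match.group(1).split(".")][:4]
    parts += [0] * (4 - len(parts))  # pad "1.2.11" to (1, 2, 11, 0)
    return tuple(parts)


def zlib_precondition(banner):
    """Classify a banner as 'no-zlib', 'old-zlib' (precondition met) or 'ok'."""
    version = parse_zlib_version(banner)
    if version is None:
        # Without zlib support there is no zlib-backed gzip decoding to reach.
        return "no-zlib"
    return "old-zlib" if version <= ZLIB_THRESHOLD else "ok"


# Constructed sample banners (hypothetical hosts, not real scan output).
SAMPLES = {
    "legacy-appliance": "curl 0.0.0 (constructed) libcurl/0.0.0 OpenSSL/0.0.0 zlib/1.2.0.3",
    "older-still": "curl 0.0.0 (constructed) libcurl/0.0.0 zlib/1.1.4",
    "modern-distro": "curl 0.0.0 (constructed) libcurl/0.0.0 OpenSSL/0.0.0 zlib/1.2.11 brotli/1.0.9",
    "zlib-ng-build": "curl 0.0.0 (constructed) libcurl/0.0.0 zlib/1.2.13.zlib-ng",
    "no-compression": "curl 0.0.0 (constructed) libcurl/0.0.0 OpenSSL/0.0.0",
}


def audit(samples):
    """Map each host label to its classification."""
    return {host: zlib_precondition(banner) for host, banner in samples.items()}


if __name__ == "__main__":
    for host, verdict in audit(SAMPLES).items():
        print(f"{host}: {verdict}")
```

Hosts reported as `old-zlib` meet the zlib condition from the description and should be prioritised for a zlib or libcurl update.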
Details
- CWE(s)