Vulnerability Details CVE-2025-47711
There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.3%
CVSS Severity
CVSS v3 Score 4.3
References
Products affected by CVE-2025-47711
-
cpe:2.3:a:nbdkit_project:nbdkit:-
-
cpe:2.3:o:redhat:enterprise_linux:10.0
-
cpe:2.3:o:redhat:enterprise_linux:7.0
-
cpe:2.3:o:redhat:enterprise_linux:8.0
-
cpe:2.3:o:redhat:enterprise_linux:9.0
-
cpe:2.3:o:redhat:enterprise_linux_advanced_virtualization:8.0