CVE-2025-47711
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk28th percentile - higher than 28% of all known CVEs
Summary
A flaw exists in the nbdkit server when handling plugin responses about data block status. If a client requests a very large data range and a plugin responds with an even larger single block, the server may encounter a critical internal error, leading to a denial-of-service.
Risk Assessment
An attacker can remotely crash the nbdkit server, causing disruption of access to stored data and impacting dependent services.
Recommendation
Immediately update nbdkit to a patched version. If an update is not possible, restrict server access to trusted clients only.
Original NVD description (English source)
There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service.

