CVE Catalog

CVE-2025-47712

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

29th percentile - higher than 29% of all known CVEs

Summary

A vulnerability in the nbdkit "blocksize" filter allows a malicious client to trigger an internal error by requesting block status information for an excessively large data range. This leads to a denial of service (DoS) of the nbdkit server.

Risk Assessment

An attacker can remotely crash the nbdkit server, blocking access to shared storage blocks and disrupting dependent services.

Recommendation

Immediately update nbdkit to a version containing the fix for CVE-2025-47712. If an update is not possible, restrict server access to trusted clients only.

Original NVD description (English source)

A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS