HIGH · 7.3

CVE-2025-0725

Vulnerability Description

When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.

CVSS Score

7.3

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

| Metric | Value |
| --- | --- |
| Attack Vector | NETWORK |
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | LOW |
| Integrity | LOW |
| Availability | LOW |

Affected Products

| Vendor | Product | Versions |
| --- | --- | --- |
| Netapp | Hci Baseboard Management Controller | - |
| Netapp | Hci H610S Firmware | - |
| Netapp | Hci H610S | - |
| Netapp | Hci H610C Firmware | - |
| Netapp | Hci H610C | - |
| Netapp | Hci H615C Firmware | - |
| Netapp | Hci H615C | - |
| Netapp | Solidfire & Hci Management Node | - |
| Netapp | Solidfire & Hci Storage Node | - |
| Haxx | Curl | >= 7.10.5, < 8.12.0 |
| Haxx | Libcurl | >= 7.10.5, < 8.12.0 |
| Zlib | Zlib | <= 1.2.0.3 |

Related Weaknesses (CWE)

References

FAQ

What is CVE-2025-0725?

CVE-2025-0725 is a vulnerability with a CVSS score of 7.3 (HIGH). When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.

How severe is CVE-2025-0725?

CVE-2025-0725 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-0725?

Check the references section above for vendor advisories and patch information. Affected products include: Netapp Hci Baseboard Management Controller, Netapp Hci H610S Firmware, Netapp Hci H610S, Netapp Hci H610C Firmware, Netapp Hci H610C.