CVE-2025-24975

7.1 HIGH

📋 TL;DR

Firebird database servers with external connection pooling enabled (ExtConnPoolSize not set to 0) are vulnerable to a segmentation fault that can crash the server process. This affects encrypted databases accessed via execute statements and may also impact unencrypted databases. Organizations running vulnerable Firebird versions with external connection pooling configured are at risk.

💻 Affected Systems

Products:
  • Firebird SQL Database Server
Versions: All versions prior to 4.0.6.3183, 5.0.2.1610, and 6.0.0.609; specifically versions before point releases 4.0.6 and 5.0.2
Operating Systems: All platforms running Firebird
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when ExtConnPoolSize is not set to 0 in firebird.conf. Encrypted databases accessed via execute statements are particularly affected, but unencrypted databases may also be impacted.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Server process crashes (segfault) leading to denial of service, potentially disrupting database availability and affecting dependent applications.

🟠 Likely Case

Database server crashes when specific conditions involving encrypted databases and execute statements are met, causing service disruption.

🟢 If Mitigated

With ExtConnPoolSize = 0 or a patched version there is no impact; the vulnerability is completely mitigated.

🌐 Internet-Facing: MEDIUM - Firebird servers exposed to the internet could be crashed by attackers, but exploitation requires specific conditions.
🏢 Internal Only: MEDIUM - Internal servers could be crashed by malicious insiders or through application bugs, but requires specific database operations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires specific conditions: external connection pooling enabled, encrypted databases, and execute statement operations. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.0.6.3183, 5.0.2.1610, 6.0.0.609 or point releases 4.0.6 and 5.0.2

Vendor Advisory: https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-fx9r-rj68-7p69

Restart Required: Yes

Instructions:

1. Download the patched version from the Firebird website.
2. Back up databases and configuration.
3. Stop the Firebird service.
4. Install the updated version.
5. Restart the Firebird service.
6. Verify the version with isql -z.

🔧 Temporary Workarounds

Disable External Connection Pooling

Platforms: all

Set ExtConnPoolSize to 0 to disable the vulnerable feature:

  • Edit firebird.conf and set: ExtConnPoolSize = 0
  • Restart the Firebird service

🧯 If You Can't Patch

  • Set ExtConnPoolSize = 0 in firebird.conf configuration file
  • Monitor for server crashes and segfaults in system logs

🔍 How to Verify

Check if Vulnerable:

Check firebird.conf for the ExtConnPoolSize setting (any value other than 0 means the vulnerable feature is enabled) and verify that the Firebird version is below the patched builds listed above.

Check Version:

isql -z (on Linux/Unix) or fbsvcmgr info_server_version (on Windows)

Verify Fix Applied:

Confirm ExtConnPoolSize=0 in firebird.conf OR verify Firebird version is 4.0.6.3183+, 5.0.2.1610+, or 6.0.0.609+
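The two checks above combined into one script, added here as an example that is not part of the advisory or of the Firebird project. It assumes firebird.conf uses `#` comments and `key = value` lines, that an absent or commented-out ExtConnPoolSize means 0 (the page states the default configuration is not vulnerable), that each major branch is compared against its own fixed build from this page, and that branches the page does not list are reported as unknown; the version string and config excerpt are constructed samples.

```python
import re
from typing import Optional

# Fixed builds named on this page, keyed by major version branch.
FIXED_BUILDS = {4: (4, 0, 6, 3183), 5: (5, 0, 2, 1610), 6: (6, 0, 0, 609)}


def parse_version(text: str) -> tuple:
    """Extract the first dotted 4-part build number (e.g. 5.0.2.1610) from tool output."""
    m = re.search(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])", text)
    if not m:
        raise ValueError(f"no 4-part version found in: {text!r}")
    return tuple(int(x) for x in m.groups())


def version_is_fixed(version: tuple) -> Optional[bool]:
    """True if version >= the fixed build of its branch; None if the branch is not covered here."""
    fixed = FIXED_BUILDS.get(version[0])
    return None if fixed is None else version >= fixed


def ext_conn_pool_size(conf_text: str) -> int:
    """Effective ExtConnPoolSize: '#' comments ignored, absent key -> 0 (assumed default), last active line wins."""
    value = 0
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"ExtConnPoolSize\s*=\s*(\d+)$", line, re.IGNORECASE)
        if m:
            value = int(m.group(1))
    return value


def assess(conf_text: str, version_output: str) -> dict:
    """Combine both checks; 'vulnerable' is None when the version branch is unknown."""
    version = parse_version(version_output)
    patched = version_is_fixed(version)
    pool = ext_conn_pool_size(conf_text)
    vulnerable = None if patched is None else (not patched and pool != 0)
    return {"version": version, "patched": patched, "ext_conn_pool_size": pool, "vulnerable": vulnerable}


# Constructed sample inputs (not taken from any real host).
SAMPLE_CONF = """# firebird.conf excerpt (constructed)
#ExtConnPoolSize = 0
ExtConnPoolSize = 64   # pooling enabled
"""
SAMPLE_VERSION = "ISQL Version: LI-V5.0.1.1469 Firebird 5.0"

if __name__ == "__main__":
    print(assess(SAMPLE_CONF, SAMPLE_VERSION))
```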

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors in Firebird logs
  • Server crash/restart events
  • Error messages related to CryptCallback interface

Network Indicators:

  • Unexpected database connection drops
  • Application errors due to database unavailability

SIEM Query:

source="firebird.log" AND ("segfault" OR "segmentation fault" OR "cryptcallback")
