poco up to 1.14.1 MultipartReader.cpp MultipartInputStream null pointer dereference
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.1 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as problematic has been discovered in poco up to 1.14.1. This affects the function MultipartInputStream of the file Net/src/MultipartReader.cpp. Such manipulation leads to null pointer dereference.
This vulnerability is referenced as CVE-2025-6375. The attack can only be performed from a local environment. Furthermore, an exploit is available.
It is advisable to upgrade the affected component.
Details
A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation with an unknown input leads to a null pointer dereference vulnerability. Using CWE to declare the problem leads to CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. Impacted is availability.
The advisory is available at github.com. This vulnerability is handled as CVE-2025-6375. The exploitation is known to be easy. Local access is required to approach this attack. Technical details as well as a public exploit are known.
The exploit is available at github.com. It is declared as proof-of-concept.
Upgrading to version 1.14.2 eliminates this vulnerability. The upgrade is hosted for download at github.com. Applying the patch 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-18796). If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CNA CVSS-B Score: 🔍
CNA CVSS-BT Score: 🔍
CNA Vector: 🔍
CVSSv3
VulDB Meta Base Score: 3.3VulDB Meta Temp Score: 3.1
VulDB Base Score: 3.3
VulDB Temp Score: 3.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 3.3
CNA Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Null pointer dereferenceCWE: CWE-476 / CWE-404
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: poco 1.14.2
Patch: 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf
Timeline
06/19/2025 🔍06/19/2025 🔍
06/21/2025 🔍
Sources
Advisory: 4915Status: Confirmed
CVE: CVE-2025-6375 (🔍)
GCVE (CVE): GCVE-0-2025-6375
GCVE (VulDB): GCVE-100-313370
EUVD: 🔍
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 06/19/2025 17:27Updated: 06/21/2025 14:53
Changes: 06/19/2025 17:27 (60), 06/21/2025 04:25 (1), 06/21/2025 14:53 (30)
Complete: 🔍
Submitter: JJLeo
Cache ID: 216::103
Submit
Accepted
- Submit #597446: Applied Informatics Software Engineering GmbH poco poco 1.14.1 (commit 530c2ef) NULL Pointer Dereference (by JJLeo)
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.