What is the CVSS score of EUVD-2025-17436?

EUVD-2025-17436 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.1%.

Which versions of Ubuntu are affected by EUVD-2025-17436?

CVE-2025-47712 presents notable security risk, a integer overflow vulnerability rated CVSS 6.5. Exploitation could cause memory corruption or application crashes.. A patch is available.

How to fix or mitigate EUVD-2025-17436?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Ubuntu EUVD-2025-17436

| CVE-2025-47712 MEDIUM

Integer Overflow or Wraparound (CWE-190)

2025-06-09 secalert@redhat.com

Denial Of Service Integer Overflow Debian Ubuntu Red Hat Nbdkit Suse

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 14, 2026 - 19:21 euvd

EUVD-2025-17436

Analysis Generated

Mar 14, 2026 - 19:21 vuln.today

CVE Published

Jun 09, 2025 - 06:15 nvd

MEDIUM 6.5

DescriptionNVD

A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service.

Analysis

Technical ContextAI

An integer overflow occurs when an arithmetic operation produces a value that exceeds the maximum (or minimum) size of the integer type used to store it. This vulnerability is classified as Integer Overflow or Wraparound (CWE-190).

RemediationAI

Use safe integer arithmetic libraries. Check for overflow conditions before operations. Use appropriately sized integer types.

More from same product – last 7 days

CVE-2026-9277 HIGH This Week

8.1 May 22

Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr

CVE-2026-9256 HIGH This Week

8.1 May 22

Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers

CVE-2026-47269 HIGH This Week

7.4 May 27

Authentication-context bypass in pam_usb before 0.9.0 lets a person holding an enrolled USB device authenticate over SSH

CVE-2026-47271 MEDIUM This Month

5.1 May 27

pam_usb prior to 0.9.0 crashes under memory pressure due to assert()-based OOM guards in src/mem.c that are silently str

CVE-2026-45898 Awaiting Data

May 27

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix workqueue list corruption by removin

Vendor StatusVendor

Ubuntu

Priority: Medium

nbdkit

Release	Status	Version
xenial	needs-triage	-
focal	needs-triage	-
jammy	needs-triage	-
noble	needs-triage	-
plucky	ignored	end of life, was needs-triage
upstream	needs-triage	-
oracular	ignored	end of life, was needs-triage
questing	needs-triage	-

Debian

Bug #1105228

nbdkit

Release	Status	Fixed Version	Urgency
bullseye	vulnerable	1.24.1-2	-
bookworm	vulnerable	1.32.5-1	-
trixie	fixed	1.42.3-1	-
forky, sid	fixed	1.46.2-1	-
(unstable)	fixed	1.42.3-1	-

EUVD-2025-17436 vulnerability details – vuln.today

Back

Ubuntu EUVD-2025-17436

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Technical ContextAI

RemediationAI

More from same product – last 7 days

Vendor StatusVendor

Ubuntu

Debian

Share

External POC / Exploit Code