Medium severity4.3OSV Advisory· Published Nov 18, 2025· Updated Apr 15, 2026
CVE-2025-10158
CVE-2025-10158
Description
A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The
malicious
rsync client requires at least read access to the remote rsync module in order to trigger the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
17- osv-coords15 versionspkg:rpm/almalinux/rsyncpkg:rpm/almalinux/rsync-daemonpkg:rpm/almalinux/rsync-rrsyncpkg:rpm/opensuse/rsync&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/rsync&distro=openSUSE%20Tumbleweedpkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Micro%206.0pkg:rpm/suse/rsync&distro=SUSE%20Linux%20Micro%206.1
< 3.2.5-3.el9_7.2+ 14 more
- (no CPE)range: < 3.2.5-3.el9_7.2
- (no CPE)range: < 3.2.5-3.el9_7.2
- (no CPE)range: < 3.2.5-3.el9_7.2
- (no CPE)range: < 3.2.7-150600.3.14.1
- (no CPE)range: < 3.4.1-4.1
- (no CPE)range: < 3.2.3-150000.4.39.1
- (no CPE)range: < 3.2.3-150400.3.26.1
- (no CPE)range: < 3.2.3-150400.3.26.1
- (no CPE)range: < 3.2.3-150400.3.26.1
- (no CPE)range: < 3.2.7-150600.3.14.1
- (no CPE)range: < 3.4.1-160000.4.1
- (no CPE)range: < 3.4.1-160000.4.1
- (no CPE)range: < 3.1.3-3.34.1
- (no CPE)range: < 3.2.7-5.1
- (no CPE)range: < 3.3.0-slfo.1.1_4.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.