High severity7.9NVD Advisory· Published Apr 17, 2026· Updated Apr 24, 2026

CVE-2025-65104

Description

Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or higher.

Affected products

Firebirdsql/Firebird
cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*
Range: <3.0.14

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/FirebirdSQL/firebird/security/advisories/GHSA-mfpr-9886-xjhgnvdVendor Advisory
github.com/FirebirdSQL/firebird/releases/tag/v4.0.0nvdProductRelease Notes

News mentions

No linked articles in our index yet.

cvss	0.514
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000