How severe is CVE-2025-0373?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6 out of 10.

What type of vulnerability is CVE-2025-0373?

This is classified as CWE-121, which is a common weakness in software security.

CVE-2025-0373 - MEDIUM Severity | CVSS 6

Vulnerability Description

On 64-bit systems, the implementation of VOP_VPTOFH() in the cd9660, tarfs and ext2fs filesystems overflows the destination FID buffer by 4 bytes, a stack buffer overflow. A NFS server that exports a cd9660, tarfs, or ext2fs file system can be made to panic by mounting and accessing the export with an NFS client. Further exploitation (e.g., bypassing file permission checking or remote kernel code execution) is potentially possible, though this has not been demonstrated. In particular, release kernels are compiled with stack protection enabled, and some instances of the overflow are caught by this mechanism, causing a panic.

Related Vulnerabilities

CVE-2023-0330

MEDIUM

CVSS:6.0(Medium)

A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.

CWE-1212023

CVE-2021-39845

MEDIUM

CVSS:6.1(Medium)

Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a craf...

CWE-1212021

CVE-2021-39846

MEDIUM

CVSS:6.1(Medium)

CWE-1212021

CVE-2022-1355

MEDIUM

CVSS:6.1(Medium)

A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, ...

CWE-1212022

CVE-2023-4756

MEDIUM

CVSS:5.9(Medium)

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.

CWE-1212023

CVE-2023-5407

MEDIUM

CVSS:5.9(Medium)

Controller denial of service due to improper handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning.

CWE-1212023