CVE-2025-30347

Published Mar 21, 2025

Last updated 12 days ago

CVSS medium 4.0

Overview

Description: Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

Weaknesses

cve@mitre.org: CWE-125
nvd@nist.gov: CWE-125

Hype score: Not currently trending

CVE-2025-30347 Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore o… https://t.co/dYld3AzxZ4
@CVEnew
21 Mar 2025
348 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5975FD1-9072-41BC-90DD-2623499C0596"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E789035-901F-4D2D-B2A5-A59D7027C774"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D8B185D-B4A9-42DE-8997-8E6ECF3B4DE7"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C977CB4-E9E8-49B4-9D2A-B5DFA088EA1A"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0FEF673-0DED-4646-B5C2-3D5A4617380F"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E2128880-BA15-414B-84F0-E57B96DF376C"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9C9D8DF-86F8-4020-AC66-EF8367A11EDC"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "132F60B2-FADA-479E-B45E-166046A2567C"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4FB05CB-0966-43CD-84AA-B4F2DA181446"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2AAA8F5B-F974-4493-9573-F60CC9E084A4"
          },
          {
            "criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B67CD7FB-4810-4AFA-BD4D-F2AB2A41D0A4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References