CVE-2025-0725
Published: 05 February 2025
Summary
CVE-2025-0725 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in NetApp HCI Baseboard Management Controller. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 30.1% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-0725 is a buffer overflow vulnerability in libcurl triggered during automatic gzip decompression of content-encoded HTTP responses when the CURLOPT_ACCEPT_ENCODING option is used together with zlib 1.2.0.3 or older. The root cause is an attacker-controlled integer overflow that leads to improper memory handling, categorized as CWE-120 and carrying a CVSS 3.1 score of 7.3.
An unauthenticated remote attacker can exploit the flaw over the network by returning a malicious HTTP response containing a crafted gzip payload. Successful exploitation can produce limited impacts on confidentiality, integrity, and availability without requiring user interaction or credentials.
Public advisories and patch information are available at https://curl.se/docs/CVE-2025-0725.html, the corresponding JSON record, the referenced HackerOne report, and oss-security mailing list posts from February 2025.
The EPSS probability rose from a low starting value to a peak of 0.0208 on 2026-02-03 before receding, indicating that exploitation interest increased after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-1837
Vulnerability details
When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Buffer overflow in libcurl client during HTTP response processing enables remote exploitation for client-side code execution.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
SI-2 requires timely identification, reporting, and correction of flaws like the libcurl buffer overflow from integer overflow in gzip decompression with old zlib versions.
RA-5 mandates vulnerability scanning to identify systems running vulnerable libcurl configurations with zlib 1.2.0.3 or older.
SI-16 implements memory protections such as ASLR and DEP that mitigate exploitation of the buffer overflow even if the vulnerable libcurl code executes.
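The RA-5 check above can be run over `curl --version` banners gathered by inventory tooling. This is an added example, not code from the advisory or the curl project: it tests only the zlib condition stated on this page, and the host names, banners, function names and status labels are constructed for illustration.

```python
import re

# Newest zlib release this page names as affected ("zlib 1.2.0.3 or older").
LAST_AFFECTED_ZLIB = (1, 2, 0, 3)

# Constructed banners in the layout `curl --version` prints; hosts are made up.
SAMPLE_BANNERS = {
    "legacy-appliance": "curl 0.0.0 (constructed) libcurl/0.0.0 zlib/1.2.0.3\n"
                        "Features: IPv6 Largefile libz",
    "old-three-part": "curl 0.0.0 (constructed) libcurl/0.0.0 zlib/1.1.4\n"
                      "Features: Largefile libz",
    "current-server": "curl 0.0.0 (constructed) libcurl/0.0.0 zlib/1.2.11\n"
                      "Features: IPv6 Largefile libz",
    "no-compression": "curl 0.0.0 (constructed) libcurl/0.0.0\n"
                      "Features: IPv6 Largefile",
}

def parse_zlib_version(banner):
    """Return the zlib version in the banner as a 4-tuple of ints, or None."""
    match = re.search(r"\bzlib/(\d+(?:\.\d+){0,3})", banner)
    if match is None:
        return None
    parts = [int(p) for p in match.group(1).split(".")]
    # Pad to four fields so "1.2.11" and "1.2.0.3" compare field by field.
    return tuple(parts + [0] * (4 - len(parts)))

def classify(banner):
    """Label one banner against the zlib condition described on this page."""
    version = parse_zlib_version(banner)
    if version is None:
        return "no-zlib"          # build reports no zlib, so no gzip decoding via zlib
    # Integer tuple comparison; a string comparison would rank "1.2.11" below "1.2.3".
    if version <= LAST_AFFECTED_ZLIB:
        return "affected-zlib"    # prioritise for SI-2 flaw remediation
    return "newer-zlib"

def scan(banners):
    """Map each host to its status."""
    return {host: classify(text) for host, text in banners.items()}

if __name__ == "__main__":
    for host, status in scan(SAMPLE_BANNERS).items():
        print(f"{host}: {status}")
```

A host flagged `affected-zlib` meets the zlib half of the condition; whether its applications set `CURLOPT_ACCEPT_ENCODING` still has to be confirmed per application.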