CVE-2025-65104

High

Published: 17 April 2026

Published

17 April 2026

Modified

24 April 2026

KEV Added

—

Patch

—

CVSS Score 7.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L

EPSS Score 0.0003 8.1th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-65104 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Firebirdsql Firebird. Its CVSS base score is 7.9 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Databases (T1213.006); ranked at the 8.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Threat & Defense at a Glance

What attackers do: exploitation maps to Databases (T1213.006). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly requires timely remediation of the Firebird FB3 client library vulnerability by upgrading to FB4 or higher to correct incorrect XSQLDA data length values and prevent information leakage.

RA-5 Vulnerability Monitoring and Scanning partial match

detect

Enables identification of systems with vulnerable Firebird FB3 client libraries through regular vulnerability scanning, facilitating targeted patching.

SI-5 Security Alerts, Advisories, and Directives partial match

detect

Ensures awareness and dissemination of the Firebird security advisory for CVE-2025-65104, prompting proactive upgrades to mitigate the client-server compatibility flaw.

MITRE ATT&CK Enterprise TechniquesAI

T1213.006 Databases Collection

Adversaries may leverage databases to mine valuable information.

attack.mitre.org →

Why these techniques?

Local info leak in DB client library directly enables unauthorized data retrieval from database repositories.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by…

upgrading to the FB4 client or higher.

Deeper analysisAI

CVE-2025-65104 is a vulnerability in Firebird, an open-source relational database management system, specifically affecting the FB3 client library. When the FB3 client communicates with FB4 or higher servers, it places incorrect data length values into XSQLDA fields, resulting in an information leak. Published on 2026-04-17, the issue carries a CVSS v3.1 base score of 7.9 (AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L) and is linked to CWE-200.

A local attacker with low privileges can exploit this vulnerability due to its low attack complexity and lack of required user interaction. Successful exploitation changes the scope, enabling low-impact confidentiality loss through the information leak, high-impact integrity disruption, and low-impact availability effects on the targeted system.

Firebird advisories recommend mitigation by upgrading to the FB4 client library or higher, which resolves the incorrect data length handling. Details are provided in the Firebird GitHub release notes for v4.0.0 and the security advisory at GHSA-mfpr-9886-xjhg.