Firebird Client Flaw Leaks Data with Newer Servers
The National Vulnerability Database (NVD) has disclosed CVE-2025-65104, a high-severity information leak affecting Firebird, an open-source relational database management system. This vulnerability arises when older Firebird client libraries (FB3) communicate with newer Firebird servers (FB4 or higher). The FB3 client incorrectly populates XSQLDA fields with improper data length values, leading to an information leak.
This isn’t just a protocol quirk; it’s a critical data exposure. Attackers don’t need to be sophisticated. They simply need to be in a position to intercept traffic between an outdated client and a modern server. Given Firebird’s open-source nature, many organizations likely have mixed environments with legacy clients connecting to updated servers, creating a broad attack surface. The CVSS score of 7.9 (High) with a vector of AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L underscores the risk: a local attacker with low privileges can achieve high impact on confidentiality.
The fix is straightforward but requires immediate attention: upgrade all Firebird client libraries to FB4 or higher. This isn’t a ‘patch later’ situation. Any environment running this client-server combination is actively leaking data. Defenders must identify these older client instances and prioritize their upgrade path to mitigate this clear and present danger.
What This Means For You
- If your organization uses Firebird, you must immediately audit your client-server configurations. Identify any Firebird client libraries running FB3 or older that connect to FB4+ servers. This isn't theoretical; you are actively leaking information. Upgrade affected clients to FB4 or higher without delay.
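The audit step above needs a way to tell FB3 client libraries from FB4+ ones on each host. The following POSIX shell helper is an added example, not part of the advisory or of the Firebird project. It assumes the Linux packaging convention in which the client library is installed as a fully versioned file `libfbclient.so.<major>.<minor>.<patch>` (for example `libfbclient.so.3.0.10` or `libfbclient.so.4.0.2`) with the soname symlink `libfbclient.so.2` pointing at it; the `scan_fbclient` function and the sample paths are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added audit helper (not from the advisory or the Firebird project).
# Assumption: Linux Firebird installs name the client library
# libfbclient.so.<major>.<minor>.<patch>, with libfbclient.so.2 as a symlink
# to it. On other platforms (fbclient.dll on Windows) the version lives in the
# file's version resource instead, and this name-based check does not apply.

# Print the major version encoded in a fully versioned fbclient filename.
# Returns 1 (prints nothing) for names without a version, such as the bare
# soname symlink libfbclient.so.2.
fb_client_major() {
    name=$(basename "$1")
    case "$name" in
        libfbclient.so.[0-9]*.[0-9]*)
            ver=${name#libfbclient.so.}
            printf '%s\n' "${ver%%.*}"
            ;;
        *) return 1 ;;
    esac
}

# Classify one library path against the advisory's threshold (FB4 or higher).
# Prints: outdated (exit 1), current (exit 0) or unknown (exit 2).
fb_client_status() {
    major=$(fb_client_major "$1") || { echo unknown; return 2; }
    if [ "$major" -lt 4 ]; then
        echo outdated
        return 1
    fi
    echo current
    return 0
}

# Real-host scan (hypothetical helper, not run here): resolve symlinks first so
# that libfbclient.so.2 is judged by the versioned file it points at.
scan_fbclient() {
    find / -xdev -name 'libfbclient.so*' 2>/dev/null | while IFS= read -r p; do
        real=$(readlink -f "$p")
        printf '%-10s %s -> %s\n' "$(fb_client_status "$real")" "$p" "$real"
    done
}

# Constructed sample inventory (not real hosts), the kind of list find(1)
# would produce, to show the classification without touching the filesystem.
SAMPLE_PATHS="/opt/firebird/lib/libfbclient.so.3.0.10
/usr/lib/x86_64-linux-gnu/libfbclient.so.4.0.2
/opt/legacy/lib/libfbclient.so.2"

printf '%s\n' "$SAMPLE_PATHS" | while IFS= read -r p; do
    printf '%-10s %s\n' "$(fb_client_status "$p")" "$p"
done
```

Run `scan_fbclient` on each host that connects to an FB4+ server; every line reported as `outdated` is a client library to upgrade, and `unknown` lines (symlinks or unconventional names) should be resolved by hand rather than assumed safe.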
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2025-65104 | Information Disclosure | Firebird client library FB3 |
| CVE-2025-65104 | Information Disclosure | Incorrect data length values in XSQLDA fields |
| CVE-2025-65104 | Information Disclosure | Communication between Firebird client FB3 and server FB4 or higher |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 17, 2026 at 21:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.