CVE-2025-6375 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-6375 PUBLISHED CVSS 4.800000190734863 MEDIUM

A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the affected component.

EPSS 0.06% · 18.8th percentile

Risk Scores

CVSS v4.0

4.800000190734863

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

EPSS Score

0.06%

18.8th percentile

Affected Products

Vendor	Product	Versions
pocoproject	poco	0
n/a	poco	1.14.0, 1.14.1, 1.14.2

Timeline

Jun 21, 2025 EPSS Score
Jun 21, 2025 Coalition ESS Score
Jun 21, 2025 CVE Published
Jun 21, 2025 PoC Published
Jun 23, 2025 Coalition ESS Score
Jun 23, 2025 CVE Updated
Jun 24, 2025 Coalition ESS Score
Jul 1, 2025 EPSS Score
Jul 10, 2025 EPSS Score
Jul 20, 2025 EPSS Score
Jul 29, 2025 EPSS Score
Aug 8, 2025 EPSS Score

References

Open in Interactive Console →