VDB

CVE-2025-6375

CVE-2025-6375 PUBLISHED CVSS 4.800000190734863 MEDIUM

A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the affected component.

EPSS 0.16% · 37.0th percentile

Risk Scores

CVSS 4.0
4.800000190734863
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
EPSS Score
0.16%
37.0th percentile

Affected Products

VendorProductVersions
pocoprojectpoco0
n/apoco1.14.1, 1.14.2, 1.14.0

Exploit Intelligence

Timeline

  • Jun 21, 2025 EPSS Score
  • Jun 21, 2025 Coalition ESS Score
  • Jun 21, 2025 CVE Published
  • Jun 21, 2025 PoC Published
  • Jun 23, 2025 Coalition ESS Score
  • Jun 23, 2025 CVE Updated
  • Jun 24, 2025 Coalition ESS Score
  • Jul 1, 2025 EPSS Score
  • Jul 11, 2025 EPSS Score
  • Jul 21, 2025 EPSS Score
  • Jul 31, 2025 EPSS Score
  • Aug 11, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›