CVE-2025-30347

{"id": "CVE-2025-30347", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-21T07:15:37.527", "references": [{"url": "https://docs.varnish-software.com/security/VEV00001/", "tags": ["Mitigation", "Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-125"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects."}, {"lang": "es", "value": "Varnish Enterprise anterior a 6.0.13r13 permite a atacantes remotos obtener informaci\u00f3n confidencial a trav\u00e9s de una lectura fuera de los l\u00edmites para solicitudes de rango en objetos ef\u00edmeros de estibador MSE4."}], "lastModified": "2025-03-24T14:19:23.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5975FD1-9072-41BC-90DD-2623499C0596"}, {"criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E789035-901F-4D2D-B2A5-A59D7027C774"}, {"criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D8B185D-B4A9-42DE-8997-8E6ECF3B4DE7"}, {"criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C977CB4-E9E8-49B4-9D2A-B5DFA088EA1A"}, {"criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0FEF673-0DED-4646-B5C2-3D5A4617380F"}, {"criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2128880-BA15-414B-84F0-E57B96DF376C"}, {"criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9C9D8DF-86F8-4020-AC66-EF8367A11EDC"}, {"criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "132F60B2-FADA-479E-B45E-166046A2567C"}, {"criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4FB05CB-0966-43CD-84AA-B4F2DA181446"}, {"criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AAA8F5B-F974-4493-9573-F60CC9E084A4"}, {"criteria": "cpe:2.3:a:varnish-software:varnish_enterprise:6.0.13:r9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B67CD7FB-4810-4AFA-BD4D-F2AB2A41D0A4"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}