CVE-2025-24975 vulnerability and firebird version 3.0.11

23 views

Skip to first unread message

Chris Lee

unread,

Sep 22, 2025, 5:38:29 PM (2 days ago) Sep 22

to firebird-support

Hi,

Is firebird version 3.0.11 susceptible to the CVE-2025-24975 vulnerability? I see that 4.0.6.3183, 5.0.2.1610, and 6.0.0.609 and below are but wanted to confirm for 3.0.11. I checked for the value of EXT_CONN_POOL_SIZE but it was not found. I also don't see it specified in the firebird.conf file. If it susceptible, would I be able to set EXT_CONN_POOL_SIZE=0 in firebird.conf to fix it?

Thanks in advance,

Chris

ma...@lawinegevaar.nl

unread,

Sep 23, 2025, 4:54:04 AM (20 hours ago) Sep 23

to firebird-support

Firebird 3.0 is not affected, because this concerns a feature (external connections pool) that was introduced in Firebird 4.0.