CVE-2025-47712: Nbd: nbdkit: integer overflow triggers an assertion resulting in denial of service
A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service.
Security readout for executives and security teams
Plain-English summary
CVE-2025-47712 can let an authenticated network client crash an nbdkit service by asking for block status over an excessively large range. The impact is service availability, not data theft or modification. Business urgency is moderate for environments where nbdkit supports production virtualization, storage, or backup workflows.
Executive priority
Treat as a moderate availability risk. It is most important where nbdkit underpins business-critical virtualization or storage services. Patch planning should be prioritized, but the provided evidence does not justify emergency incident response without local exposure or crash indicators.
Technical view
The nbdkit blocksize filter has a CWE-190 integer overflow path. A large block-status request can trigger an assertion or internal error, causing denial of service. Red Hat marks RHEL 9 and RHEL 10 nbdkit as affected; several RHEL 7 and 8 streams are listed as unknown.
Likely exposure
Exposure is most likely on systems running nbdkit, especially Red Hat Enterprise Linux 9 or 10 deployments. Risk is higher when nbdkit is reachable by multiple authenticated clients or supports critical storage operations. RHEL 7 and 8 status is incomplete in the provided sources.
Exploitation context
The CVSS vector indicates network access, low attack complexity, low privileges required, and no user interaction. The provided bundle does not show CISA KEV listing or cited evidence of active exploitation, so active exploitation should not be assumed.
Researcher notes
The public bundle supports denial of service via integer overflow in the blocksize filter and lists affected Red Hat products. It does not provide exploit code, active exploitation evidence, or explicit remediation details. Unknown product statuses should be verified directly against vendor advisories.
Mitigation direction
Check Red Hat and nbdkit vendor guidance for fixed package availability.
Prioritize updates on RHEL 9 and RHEL 10 hosts running nbdkit.
Restrict nbdkit access to trusted authenticated clients and required networks.
Review whether the blocksize filter is enabled and required operationally.
Increase monitoring for nbdkit crashes, restarts, or assertion failures.
Validation and detection
Inventory hosts and containers running the nbdkit package or service.
Identify RHEL 9 and RHEL 10 systems using nbdkit in production paths.
Review nbdkit configuration for use of the blocksize filter.
Check package versions against vendor advisories and errata.
Review service logs for recent crashes or unexpected restarts.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-190: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-190 · source CWE mapping
Integer Overflow or Wraparound
Integer Overflow or Wraparound represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.