CVE-2025-6375 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-6375 Interim 1 1 2025-07-12T06:55:33Z current 2025-07-12T06:55:33Z 2025-07-12T06:55:33Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-6375 A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the affected component. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed libPocoActiveRecord112-1.14.2-1.1 libPocoCppParser112-1.14.2-1.1 libPocoCrypto112-1.14.2-1.1 libPocoData112-1.14.2-1.1 libPocoDataMySQL112-1.14.2-1.1 libPocoDataODBC112-1.14.2-1.1 libPocoDataPostgreSQL112-1.14.2-1.1 libPocoDataSQLite112-1.14.2-1.1 libPocoEncodings112-1.14.2-1.1 libPocoFoundation112-1.14.2-1.1 libPocoJSON112-1.14.2-1.1 libPocoJWT112-1.14.2-1.1 libPocoMongoDB112-1.14.2-1.1 libPocoNet112-1.14.2-1.1 libPocoNetSSL112-1.14.2-1.1 libPocoPDF112-1.14.2-1.1 libPocoPrometheus112-1.14.2-1.1 libPocoRedis112-1.14.2-1.1 libPocoUtil112-1.14.2-1.1 libPocoXML112-1.14.2-1.1 libPocoZip112-1.14.2-1.1 poco-cpspc-1.14.2-1.1 poco-devel-1.14.2-1.1 libPocoActiveRecord112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoCppParser112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoCrypto112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoData112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoDataMySQL112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoDataODBC112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoDataPostgreSQL112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoDataSQLite112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoEncodings112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoFoundation112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoJSON112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoJWT112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoMongoDB112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoNet112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoNetSSL112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoPDF112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoPrometheus112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoRedis112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoUtil112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoXML112-1.14.2-1.1 as a component of openSUSE Tumbleweed libPocoZip112-1.14.2-1.1 as a component of openSUSE Tumbleweed poco-cpspc-1.14.2-1.1 as a component of openSUSE Tumbleweed poco-devel-1.14.2-1.1 as a component of openSUSE Tumbleweed A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the affected component. CVE-2025-6375 openSUSE Tumbleweed:libPocoActiveRecord112-1.14.2-1.1 openSUSE Tumbleweed:libPocoCppParser112-1.14.2-1.1 openSUSE Tumbleweed:libPocoCrypto112-1.14.2-1.1 openSUSE Tumbleweed:libPocoData112-1.14.2-1.1 openSUSE Tumbleweed:libPocoDataMySQL112-1.14.2-1.1 openSUSE Tumbleweed:libPocoDataODBC112-1.14.2-1.1 openSUSE Tumbleweed:libPocoDataPostgreSQL112-1.14.2-1.1 openSUSE Tumbleweed:libPocoDataSQLite112-1.14.2-1.1 openSUSE Tumbleweed:libPocoEncodings112-1.14.2-1.1 openSUSE Tumbleweed:libPocoFoundation112-1.14.2-1.1 openSUSE Tumbleweed:libPocoJSON112-1.14.2-1.1 openSUSE Tumbleweed:libPocoJWT112-1.14.2-1.1 openSUSE Tumbleweed:libPocoMongoDB112-1.14.2-1.1 openSUSE Tumbleweed:libPocoNet112-1.14.2-1.1 openSUSE Tumbleweed:libPocoNetSSL112-1.14.2-1.1 openSUSE Tumbleweed:libPocoPDF112-1.14.2-1.1 openSUSE Tumbleweed:libPocoPrometheus112-1.14.2-1.1 openSUSE Tumbleweed:libPocoRedis112-1.14.2-1.1 openSUSE Tumbleweed:libPocoUtil112-1.14.2-1.1 openSUSE Tumbleweed:libPocoXML112-1.14.2-1.1 openSUSE Tumbleweed:libPocoZip112-1.14.2-1.1 openSUSE Tumbleweed:poco-cpspc-1.14.2-1.1 openSUSE Tumbleweed:poco-devel-1.14.2-1.1 low 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L