{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10158", "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7", "state": "PUBLISHED", "assignerShortName": "rapid7", "dateReserved": "2025-09-09T11:15:17.585Z", "datePublished": "2025-11-18T14:24:19.210Z", "dateUpdated": "2025-11-18T14:45:58.065Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "rsync", "vendor": "rsync", "versions": [{"lessThanOrEqual": "3.4.1", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Calum Hutton"}], "datePublic": "2025-11-18T14:20:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue."}], "value": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-129", "description": "CWE-129 Improper Validation of Array Index", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9974b330-7714-4307-a722-5648477acda7", "shortName": "rapid7", "dateUpdated": "2025-11-18T14:45:58.065Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f"}, {"tags": ["technical-description"], "url": "https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1"}], "source": {"discovery": "UNKNOWN"}, "timeline": [{"lang": "en", "time": "2025-03-19T06:11:00.000Z", "value": "Rapid7 makes initial outreach to rsync maintainers"}, {"lang": "en", "time": "2025-03-19T10:04:00.000Z", "value": "Rsync maintainers confirm outreach"}, {"lang": "en", "time": "2025-03-20T10:34:00.000Z", "value": "Rapid7 provides rsync maintainers a technical writeup and PoC to reproduce the issue"}, {"lang": "en", "time": "2025-04-02T03:05:00.000Z", "value": "Rapid7 requests confirmation of findings"}, {"lang": "en", "time": "2025-04-06T09:30:00.000Z", "value": "Rsync maintainers indicate more time is needed"}, {"lang": "en", "time": "2025-04-16T05:31:00.000Z", "value": "Rsync maintainers reproduce the issue and dispute its security impact due to uncertainty around viability of heap manipulation during exploitation"}, {"lang": "en", "time": "2025-04-17T01:56:00.000Z", "value": "Rapid7 indicates manipulating the heap is nuanced and CVE assignment is both prudent and best practice in this instance"}, {"lang": "en", "time": "2025-05-07T09:08:00.000Z", "value": "Rapid7 requests an update"}, {"lang": "en", "time": "2025-05-12T06:08:00.000Z", "value": "Rsync maintainers indicate a pull request to fix the issue is forthcoming"}, {"lang": "en", "time": "2025-05-28T09:40:00.000Z", "value": "Rapid7 requests an update"}, {"lang": "en", "time": "2025-06-17T04:19:00.000Z", "value": "Rapid7 requests an update"}, {"lang": "en", "time": "2025-08-18T11:59:00.000Z", "value": "Rapid7 requests an update"}, {"lang": "en", "time": "2025-08-23T09:17:00.000Z", "value": "Rsync maintainers indicate a pull request to remediate the issue has been made and a feature release is forthcoming"}, {"lang": "en", "time": "2025-09-02T04:23:00.000Z", "value": "Rapid7 indicates intention to assign a CVE and perform a coordinated disclosure with the rsync maintainers upon the upcoming feature release"}, {"lang": "en", "time": "2025-09-09T11:18:00.000Z", "value": "Rapid7 provides rsync maintainers a reserved CVE identifier and requests the date for the expected feature release"}, {"lang": "en", "time": "2025-11-11T04:42:00.000Z", "value": "Rapid7 indicates intention to publish the CVE record on November 18, 2025."}, {"lang": "en", "time": "2025-11-18T14:00:00.000Z", "value": "This disclosure"}], "title": "Rsync: Out of bounds array access via negative index", "x_generator": {"engine": "Vulnogram 0.5.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The \n\nmalicious \n\nrsync client requires at least read access to the remote rsync module in order to trigger the issue."}], "id": "CVE-2025-10158", "lastModified": "2025-11-18T15:16:25.433", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cve@rapid7.com", "type": "Secondary"}]}, "published": "2025-11-18T15:16:25.433", "references": [{"source": "cve@rapid7.com", "url": "https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1"}, {"source": "cve@rapid7.com", "url": "https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f"}], "sourceIdentifier": "cve@rapid7.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-129"}], "source": "cve@rapid7.com", "type": "Secondary"}]}

{}

{}