CVE-2025-14905

HIGH EPSS 59.6%

Published Feb 23, 20264mo ago · Modified Jun 17, 20261w ago

7.2 CVSS 3.1

High

Published Feb 23, 2026 4mo ago

Last Modified Jun 17, 2026 1w ago

Description

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).

CVSS Details

Base Score

7.2

Exploitability

1.2

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required High

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

59.6% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-122

References 21

access.redhat.com https://access.redhat.com/errata/RHSA-2026:3189
access.redhat.com https://access.redhat.com/errata/RHSA-2026:3208
access.redhat.com https://access.redhat.com/errata/RHSA-2026:3379
access.redhat.com https://access.redhat.com/errata/RHSA-2026:3504
access.redhat.com https://access.redhat.com/errata/RHSA-2026:4207
access.redhat.com https://access.redhat.com/errata/RHSA-2026:4661
access.redhat.com https://access.redhat.com/errata/RHSA-2026:4720
access.redhat.com https://access.redhat.com/errata/RHSA-2026:5196
access.redhat.com https://access.redhat.com/errata/RHSA-2026:5511
access.redhat.com https://access.redhat.com/errata/RHSA-2026:5512
access.redhat.com https://access.redhat.com/errata/RHSA-2026:5513
access.redhat.com https://access.redhat.com/errata/RHSA-2026:5514
access.redhat.com https://access.redhat.com/errata/RHSA-2026:5568
access.redhat.com https://access.redhat.com/errata/RHSA-2026:5569
access.redhat.com https://access.redhat.com/errata/RHSA-2026:5576
access.redhat.com https://access.redhat.com/errata/RHSA-2026:5597
access.redhat.com https://access.redhat.com/errata/RHSA-2026:5598
access.redhat.com https://access.redhat.com/errata/RHSA-2026:6220
access.redhat.com https://access.redhat.com/errata/RHSA-2026:6268
access.redhat.com https://access.redhat.com/security/cve/CVE-2025-14905
bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2423624

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.