CVE-2025-6375: 
Linux Debian vulnerability analysis and mitigation

A vulnerability was discovered in poco up to version 1.14.1, identified as CVE-2025-6375. The issue affects the MultipartInputStream function in the Net/src/MultipartReader.cpp file, where improper handling of input leads to a null pointer dereference vulnerability. The vulnerability was discovered by Yifan Zhang and was publicly disclosed on March 30, 2025 (VulDB, GitHub Issue).

The vulnerability is classified as a null pointer dereference (CWE-476) and improper resource shutdown or release (CWE-404). The issue has been rated with a CVSS v3.1 base score of 3.3 (LOW) with the vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L. The vulnerability requires local access to exploit and primarily impacts system availability. The issue occurs in the MultipartInputStream function where a null pointer dereference can lead to a segmentation fault (VulDB, NVD).

The exploitation of this vulnerability can result in a denial of service condition through application crashes caused by the null pointer dereference. The attack affects system availability but does not impact confidentiality or integrity. The vulnerability requires local access to exploit, which somewhat limits its potential impact (VulDB).

The vulnerability has been fixed in poco version 1.14.2. Users are strongly recommended to upgrade to this version to address the security issue. The fix is implemented through patch 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf, which modifies the assertion handling in the MultipartReader.cpp file (GitHub Commit, Release Notes).