CVE-2025-30347

Summary

Varnish Enterprise before 6.0.13r13 allows remote attackers to obtain sensitive information via an out-of-bounds read for range requests on ephemeral MSE4 stevedore objects.

Affected Software

VendorProductVersion RangeStatus
varnish-softwareVarnish Enterprise6 < 6.0.13r13affected

Weaknesses

  • CWE-125: CWE-125 Out-of-bounds Read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References