{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-30403","assignerOrgId":"4fc57720-52fe-4431-a0fb-3d2c8747b827","state":"PUBLISHED","assignerShortName":"facebook","dateReserved":"2025-03-21T19:52:56.085Z","datePublished":"2025-07-11T18:26:51.212Z","dateUpdated":"2025-07-11T19:23:37.185Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"mvfst","vendor":"Facebook","versions":[{"lessThan":"v2025.07.07.00","status":"affected","version":"v2025.03.24.00","versionType":"semver"}]}],"dateAssigned":"2025-06-26T00:00:00.000Z","descriptions":[{"lang":"en","value":"A heap-buffer-overflow vulnerability is possible in mvfst via a specially crafted message during a QUIC session. This issue affects mvfst versions prior to v2025.07.07.00."}],"problemTypes":[{"descriptions":[{"description":"Heap-based Buffer Overflow (CWE-122)","lang":"en"}]}],"providerMetadata":{"orgId":"4fc57720-52fe-4431-a0fb-3d2c8747b827","shortName":"facebook","dateUpdated":"2025-07-11T18:26:51.212Z"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://www.facebook.com/security/advisories/cve-2025-30403"},{"tags":["x_refsource_CONFIRM"],"url":"https://github.com/facebook/mvfst/commit/65b297332191de6e867c4a3139a233fc84c0e7e0"}]},"adp":[{"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":8.1,"attackVector":"NETWORK","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","integrityImpact":"NONE","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"HIGH"}},{"other":{"type":"ssvc","content":{"timestamp":"2025-07-11T19:22:21.366810Z","id":"CVE-2025-30403","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-11T19:23:37.185Z"}}]}}