Cisco Talos discovered and disclosed five vulnerabilities in Bloomberg Comdb2, which have been patched by the vendor. These vulnerabilities primarily involve denial of service through crafted network messages.

#BloombergComdb2 #CiscoTalos #CVE2025-36520 #CVE2025-48498

Key points
- Cisco Talos identified five vulnerabilities in Bloomberg Comdb2 database software.
- Three null pointer dereference vulnerabilities can cause denial of service via protocol buffer message handling.
- Two vulnerabilities target the distributed transaction component, also leading to potential service disruptions.
- Attackers can exploit these flaws by sending crafted network packets over TCP connections.
- The vulnerabilities have been patched, with detection guidance available through Snort rule sets and Talos advisories.