CVE-2025-35966: CWE-476: NULL Pointer Dereference in Bloomberg Comdb2
A null pointer dereference vulnerability exists in the CDB2SQLQUERY protocol buffer message handling of Bloomberg Comdb2 8.1. A specially crafted protocol buffer message can lead to a denial of service. An attacker can simply connect to a database instance over TCP and send the crafted message to trigger this vulnerability.
AI Analysis
Technical Summary
CVE-2025-35966 is a null pointer dereference vulnerability identified in Bloomberg's Comdb2 database software, specifically version 8.1. The flaw exists in the handling of the CDB2SQLQUERY protocol buffer message, which is part of the communication protocol used by Comdb2 over TCP. When a specially crafted protocol buffer message is sent to the database instance, the software attempts to dereference a null pointer, leading to a crash of the database process and resulting in a denial of service (DoS). This vulnerability requires no authentication or user interaction, as an attacker only needs network access to the Comdb2 TCP port to exploit it. The CVSS v3.1 base score is 7.5, reflecting high severity due to the ease of exploitation (network attack vector, low complexity, no privileges or user interaction required) and the impact on availability. The vulnerability does not affect confidentiality or integrity, as it does not allow data leakage or unauthorized modification. No patches or fixes are currently linked, and no known exploits have been reported in the wild as of the publication date. However, the potential for service disruption in critical database environments is significant, especially in sectors relying on Bloomberg Comdb2 for financial data management and analytics. The vulnerability is classified under CWE-476 (NULL Pointer Dereference), a common software weakness that can cause crashes and instability. Organizations running Bloomberg Comdb2 8.1 should monitor for updates from Bloomberg and implement network controls to limit exposure.
Potential Impact
The primary impact of CVE-2025-35966 is denial of service, which can disrupt the availability of Bloomberg Comdb2 database instances. For European organizations, particularly those in finance, banking, and trading sectors where Bloomberg products are widely used, this can lead to operational downtime, loss of access to critical financial data, and potential cascading effects on dependent systems and services. The vulnerability does not compromise data confidentiality or integrity, but the availability impact can affect business continuity and service level agreements. Since exploitation requires only network access and no authentication, any Comdb2 instance exposed to untrusted networks is at risk. This could lead to targeted attacks aiming to disrupt financial services or cause reputational damage. The lack of known exploits currently reduces immediate risk, but the straightforward nature of the attack vector means threat actors could develop exploits rapidly. European organizations with internet-facing Comdb2 instances or insufficient network segmentation are particularly vulnerable. The impact is heightened in countries with significant financial infrastructure relying on Bloomberg technologies.
Mitigation Recommendations
1. Restrict network access to Bloomberg Comdb2 instances by implementing strict firewall rules and network segmentation to allow only trusted hosts and internal networks to communicate over the Comdb2 TCP port.
2. Monitor network traffic for anomalous or malformed protocol buffer messages targeting the CDB2SQLQUERY protocol, using intrusion detection/prevention systems (IDS/IPS) with custom signatures or behavioral analytics.
3. Apply vendor patches or updates as soon as Bloomberg releases a fix for this vulnerability; maintain close communication with Bloomberg support channels for advisories.
4. If patching is not immediately possible, consider temporarily disabling or restricting external access to Comdb2 services until mitigations are in place.
5. Conduct regular audits of Comdb2 deployment configurations to ensure no unintended exposure to untrusted networks.
6. Implement robust logging and alerting on Comdb2 service crashes or restarts to detect potential exploitation attempts early.
7. Educate network and security teams about this vulnerability to ensure rapid response and containment in case of an incident.
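One way to implement the crash alerting in recommendation 6, as an added example that is not part of the original advisory or of Comdb2: a NULL pointer dereference ends the process with SIGSEGV, so the sketch flags every segfault exit of the database unit and escalates when several occur on one host within a short window. It assumes Comdb2 runs as a systemd unit named `comdb2.service` and that journal lines are exported with ISO timestamps; the log lines, host names and thresholds are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed journal lines; the unit name comdb2.service is an assumption.
SAMPLE_LOG = """\
2025-01-10T15:40:01 db01 systemd[1]: Started comdb2.service.
2025-01-10T15:46:08 db01 systemd[1]: comdb2.service: Main process exited, code=killed, status=11/SEGV
2025-01-10T15:46:13 db01 systemd[1]: Started comdb2.service.
2025-01-10T15:47:02 db01 systemd[1]: comdb2.service: Main process exited, code=killed, status=11/SEGV
2025-01-10T15:47:07 db01 systemd[1]: Started comdb2.service.
2025-01-10T15:48:30 db01 systemd[1]: comdb2.service: Main process exited, code=killed, status=11/SEGV
2025-01-10T18:00:00 db01 systemd[1]: comdb2.service: Main process exited, code=exited, status=0/SUCCESS
2025-01-10T18:00:05 db02 systemd[1]: comdb2.service: Main process exited, code=killed, status=11/SEGV
"""

EXIT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) systemd\[1\]: (?P<unit>[\w@.-]+\.service): "
    r"Main process exited, code=(?P<code>\w+), status=(?P<status>\S+)$"
)

def find_crash_alerts(log_text, unit="comdb2.service", threshold=3,
                      window=timedelta(minutes=5)):
    """Return (host, timestamp, severity) for every SIGSEGV exit of `unit`.

    Severity is "crash-loop" once `threshold` crashes on one host fall inside
    `window`, else "crash".
    """
    recent = {}   # host -> crash times still inside the window
    alerts = []
    for line in log_text.splitlines():
        m = EXIT_RE.match(line)
        if not m or m["unit"] != unit:
            continue
        # A NULL dereference kills the process with SIGSEGV (signal 11).
        if m["code"] not in ("killed", "dumped") or not m["status"].endswith("/SEGV"):
            continue
        ts = datetime.fromisoformat(m["ts"])
        times = [t for t in recent.get(m["host"], []) if ts - t <= window]
        times.append(ts)
        recent[m["host"]] = times
        severity = "crash-loop" if len(times) >= threshold else "crash"
        alerts.append((m["host"], m["ts"], severity))
    return alerts

if __name__ == "__main__":
    for host, ts, severity in find_crash_alerts(SAMPLE_LOG):
        print(f"{ts} {host} comdb2 {severity}")
```

A single segfault is worth a ticket; a crash-loop on a host whose Comdb2 port is reachable from untrusted networks is the pattern to page on, since each restart can be knocked down again without authentication.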
Affected Countries
United Kingdom, Germany, France, Switzerland, Netherlands
Technical Details
- Data Version: 5.1
- Assigner Short Name: talos
- Date Reserved: 2025-05-22T16:04:47.010Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 687fb240a83201eaac1d919a
Added to database: 7/22/2025, 3:46:08 PM
Last enriched: 11/4/2025, 2:16:53 AM
Last updated: 11/18/2025, 9:48:54 PM