CVE-2025-47712: Integer Overflow or Wraparound
A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in nbdkit, leading to a denial of service.
AI Analysis
Technical Summary
CVE-2025-47712 identifies an integer overflow or wraparound vulnerability in the "blocksize" filter component of nbdkit, a toolkit for creating Network Block Device (NBD) servers. The vulnerability is triggered when a client sends a request for block status information covering an excessively large data range that exceeds internal limits. This causes an integer overflow or wraparound condition within nbdkit's internal calculations, leading to an error state that crashes the nbdkit process. The crash results in a denial of service (DoS) condition, disrupting access to virtual block devices served by nbdkit. The affected versions include 1.21.16, 1.40.0, and 1.42.0, commonly deployed on Red Hat Enterprise Linux 10 systems. The flaw requires network-level access and low privileges (PR:L), but no user interaction is needed. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) reflects that the attack can be launched remotely with low complexity, does not affect confidentiality or integrity, but fully impacts availability. No public exploits or active exploitation have been reported to date. The root cause is insufficient validation of client-supplied block range parameters, allowing integer overflow during internal arithmetic operations. This vulnerability can disrupt storage services relying on nbdkit, affecting virtualized environments and storage appliances that use NBD protocols.
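The class of wraparound described above, as an added illustration (this is not nbdkit's source code and does not come from the advisory): widening a block-status request to block boundaries in 32-bit arithmetic can wrap to a zero length, while the checked version validates the client range, computes in 64 bits and clamps the result. The function names, the 4096-byte block size and the export size are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative only: hypothetical helpers, not taken from nbdkit. */

/* Unsafe: widen [offset, offset+count) to block boundaries in 32 bits.
 * align must be a power of two. */
uint32_t aligned_len_unsafe(uint64_t offset, uint32_t count, uint32_t align)
{
    uint32_t head = (uint32_t)(offset & (align - 1)); /* bytes before offset in its block */
    return (count + head + align - 1) & ~(align - 1); /* wraps for counts near 4 GiB */
}

/* Hardened: validate the client range, compute in 64 bits, then clamp.
 * Clamping is acceptable for block status because a reply may describe
 * less than the requested range. */
bool aligned_len_checked(uint64_t offset, uint32_t count, uint32_t align,
                         uint64_t export_size, uint32_t *out)
{
    if (align == 0 || (align & (align - 1)) != 0)
        return false;                        /* alignment must be a power of two */
    if (export_size > (uint64_t)INT64_MAX)
        return false;                        /* keeps the 64-bit sums below from wrapping */
    if (count == 0 || offset > export_size || count > export_size - offset)
        return false;                        /* empty request or outside the export */

    uint64_t mask = ~(uint64_t)(align - 1);
    uint64_t start = offset & mask;                      /* round start down */
    uint64_t end = (offset + count + align - 1) & mask;  /* round end up */
    uint64_t len = end - start;

    uint64_t max_len = (uint64_t)UINT32_MAX & mask;      /* largest aligned 32-bit length */
    if (len > max_len)
        len = max_len;
    *out = (uint32_t)len;
    return true;
}

int main(void)
{
    uint32_t safe = 0;
    /* Constructed request: block status for 0xFFFFFFFF bytes, 4096-byte blocks. */
    printf("unsafe length:  %u\n", aligned_len_unsafe(0, 0xFFFFFFFFu, 4096));
    if (aligned_len_checked(0, 0xFFFFFFFFu, 4096, (uint64_t)1 << 40, &safe))
        printf("checked length: %u\n", safe);
    return 0;
}
```

A zero or undersized length produced this way is what later consistency checks trip over; rejecting or clamping the range before the arithmetic keeps the request handler in a defined state.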
Potential Impact
The primary impact of CVE-2025-47712 is denial of service, which can interrupt critical storage services relying on nbdkit for network block device provisioning. Organizations using nbdkit in virtualization, cloud infrastructure, or storage appliances may experience service outages, impacting availability of virtual disks or storage volumes. Although confidentiality and integrity are not compromised, the loss of availability can disrupt business operations, cause downtime, and potentially lead to cascading failures in dependent systems. The ease of exploitation via network requests and lack of user interaction requirements increase the risk of automated or targeted DoS attacks. Enterprises with large-scale deployments of Red Hat Enterprise Linux 10 and nbdkit are particularly vulnerable. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as threat actors may develop exploits over time. The vulnerability could be leveraged in multi-stage attacks to degrade infrastructure resilience or as a distraction while other attacks are conducted.
Mitigation Recommendations
To mitigate CVE-2025-47712, organizations should promptly apply vendor patches or updates to nbdkit versions that address the integer overflow in the blocksize filter. If patches are not immediately available, consider disabling or restricting access to the blocksize filter functionality or limiting client requests to trusted networks only. Implement network-level controls such as firewall rules or intrusion prevention systems to block suspicious or abnormally large block status requests targeting nbdkit services. Monitor logs and network traffic for unusual patterns indicative of exploitation attempts. Employ rate limiting on NBD service endpoints to reduce the risk of DoS attacks. Additionally, conduct regular vulnerability scanning and penetration testing focused on storage virtualization components. Maintain an incident response plan to quickly recover from potential service disruptions caused by exploitation of this vulnerability.
Affected Countries
United States, Germany, United Kingdom, France, Japan, South Korea, China, India, Canada, Australia
Technical Details
- Data Version: 5.1
- Assigner Short Name: redhat
- Date Reserved: 2025-05-07T21:08:45.449Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 6846c60d7b622a9fdf1e7925
Added to database: 6/9/2025, 11:31:25 AM
Last enriched: 2/27/2026, 2:07:48 PM
Last updated: 3/21/2026, 8:02:53 PM