CVE-2025-14905 HIGH

CVE-2025-14905: 389-ds-base: 389-ds-base: remote code execution and denial of service via heap buffer overflow

Vendor Red Hat
Product Red Hat Directory Server 12
Weakness CWE-122
Published February 23, 2026
Last update June 29, 2026

CVSS base score

7.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).

Key dates

02Disclosure timeline

February 23, 2026 CVE published
June 29, 2026 Record updated