VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-8ve7-b7xm-cfd3

Essentials
Severities (11)
References (23)
Severity details (8)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-8ve7-b7xm-cfd3
Aliases	CVE-2025-21658
Summary	kernel: btrfs: avoid NULL pointer dereference if no valid extent tree
Status	Published
Exploitability	0.5
Weighted Severity	5.0
Risk	2.5
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-476

NULL Pointer Dereference

System	Score	Found at
cvssv3	5.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21658.json
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-21658
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-21658
epss	0.00017	https://api.first.org/data/v1/epss?cve=CVE-2025-21658
cvssv3.1	5.5	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	5.5	https://git.kernel.org/stable/c/24b85a8b0310e0144da9ab30be42e87e6476638a
ssvc	Track	https://git.kernel.org/stable/c/24b85a8b0310e0144da9ab30be42e87e6476638a
cvssv3.1	5.5	https://git.kernel.org/stable/c/6aecd91a5c5b68939cf4169e32bc49f3cd2dd329
ssvc	Track	https://git.kernel.org/stable/c/6aecd91a5c5b68939cf4169e32bc49f3cd2dd329
cvssv3.1	5.5	https://git.kernel.org/stable/c/aee5f69f3e6cd82bfefaca1b70b40b6cd8f3f784
ssvc	Track	https://git.kernel.org/stable/c/aee5f69f3e6cd82bfefaca1b70b40b6cd8f3f784

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21658.json
		https://api.first.org/data/v1/epss?cve=CVE-2025-21658
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2339123		https://bugzilla.redhat.com/show_bug.cgi?id=2339123
24b85a8b0310e0144da9ab30be42e87e6476638a		https://git.kernel.org/stable/c/24b85a8b0310e0144da9ab30be42e87e6476638a
6aecd91a5c5b68939cf4169e32bc49f3cd2dd329		https://git.kernel.org/stable/c/6aecd91a5c5b68939cf4169e32bc49f3cd2dd329
aee5f69f3e6cd82bfefaca1b70b40b6cd8f3f784		https://git.kernel.org/stable/c/aee5f69f3e6cd82bfefaca1b70b40b6cd8f3f784
USN-7379-1		https://usn.ubuntu.com/7379-1/
USN-7379-2		https://usn.ubuntu.com/7379-2/
USN-7380-1		https://usn.ubuntu.com/7380-1/
USN-7381-1		https://usn.ubuntu.com/7381-1/
USN-7382-1		https://usn.ubuntu.com/7382-1/
USN-7513-1		https://usn.ubuntu.com/7513-1/
USN-7513-2		https://usn.ubuntu.com/7513-2/
USN-7513-3		https://usn.ubuntu.com/7513-3/
USN-7513-4		https://usn.ubuntu.com/7513-4/
USN-7513-5		https://usn.ubuntu.com/7513-5/
USN-7514-1		https://usn.ubuntu.com/7514-1/
USN-7515-1		https://usn.ubuntu.com/7515-1/
USN-7515-2		https://usn.ubuntu.com/7515-2/
USN-7522-1		https://usn.ubuntu.com/7522-1/
USN-7523-1		https://usn.ubuntu.com/7523-1/
USN-7524-1		https://usn.ubuntu.com/7524-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21658.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://git.kernel.org/stable/c/24b85a8b0310e0144da9ab30be42e87e6476638a

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:52:37Z/ Found at https://git.kernel.org/stable/c/24b85a8b0310e0144da9ab30be42e87e6476638a

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://git.kernel.org/stable/c/6aecd91a5c5b68939cf4169e32bc49f3cd2dd329

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:52:37Z/ Found at https://git.kernel.org/stable/c/6aecd91a5c5b68939cf4169e32bc49f3cd2dd329

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://git.kernel.org/stable/c/aee5f69f3e6cd82bfefaca1b70b40b6cd8f3f784

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T19:52:37Z/ Found at https://git.kernel.org/stable/c/aee5f69f3e6cd82bfefaca1b70b40b6cd8f3f784

Exploit Prediction Scoring System (EPSS)

Percentile	0.04405
EPSS Score	0.00017
Published At	June 5, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-04T16:49:41.626448+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-21658.json	38.6.0