CVE-2025-57275: SPDK is vulnerable to buffer overflow in the NVMe-oF target component

October 1, 2025

Storage Performance Development Kit (SPDK) 25.05 is vulnerable to Buffer Overflow in the NVMe-oF target component in SPDK - lib/nvmf.

References

github.com/advisories/GHSA-5m5w-w2h2-fqgq
github.com/spdk/spdk
github.com/spdk/spdk/commit/8981ddb1ccaf54f85d34482a5a644e075b58cb36
github.com/spdk/spdk/commit/f786c6d75f5c5162363a621b24f5449c729679c9
nvd.nist.gov/vuln/detail/CVE-2025-57275
spdk.io/

Code Behaviors & Features

Detect and mitigate CVE-2025-57275 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →