CVE-2025-10158

A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The

malicious

rsync client requires at least read access to the remote rsync module in order to trigger the issue.

More information : https://attackerkb.com/assessments/fbacb2a6-d1cd-4011-bb3a-f06b1c8306b1