CVE-2025-4444

LOW

Tor <0.4.7.16/0.4.8.17 - DoS

Title source: llm

Description

A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered difficult. Upgrading to version 0.4.8.18 and 0.4.9.3-alpha is recommended to address this issue. It is recommended to upgrade the affected component.

References (6)

[Permissions Required, VDB Entry] https://vuldb.com/?id.324814

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.324814

[Permissions Required, VDB Entry] https://vuldb.com/?submit.640605

[Various Sources] https://github.com/chunmianwang/Tordos

View Writeup ZIP pw:eip

[Various Sources] https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes

[Various Sources] https://forum.torproject.org/t/alpha-and-stable-release-0-4-8-18-and-0-4-9-3-alpha/20578

Scores

CVSS v3 3.7

EPSS 0.0006

EPSS Percentile 19.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-400 CWE-404

Status published

Products (37)

n/a/Tor 0.4.7.0

n/a/Tor 0.4.7.1

n/a/Tor 0.4.7.10

n/a/Tor 0.4.7.11

n/a/Tor 0.4.7.12

n/a/Tor 0.4.7.13

n/a/Tor 0.4.7.14

n/a/Tor 0.4.7.15

n/a/Tor 0.4.7.16

n/a/Tor 0.4.7.2

... and 27 more

Published Sep 18, 2025

Tracked Since Feb 18, 2026