CVE-2025-51495

HIGH

Mongoose <7.18 - Buffer Overflow

Title source: llm

Description

An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the issue may lead to a buffer overflow.

Exploits (1)

nomisec WRITEUP

by cainiao159357 · poc

https://github.com/cainiao159357/CVE-2025-51495

View Code ZIP pw:eip

References (3)

[Exploit] https://github.com/cainiao159357/CVE-2025-51495

[Product] https://github.com/cesanta/mongoose

[Issue Tracking, Patch] https://github.com/cesanta/mongoose/pull/3131

Scores

CVSS v3 7.5

EPSS 0.0026

EPSS Percentile 49.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-190

Status published

Products (1)

cesanta/mongoose 7.5 - 7.17

Published Sep 29, 2025

Tracked Since Feb 18, 2026