CVE-2025-54574

CRITICAL

Squid < 6.4 - Out-of-Bounds Write

Title source: rule

Description

Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow, and possibly remote code execution, when processing URNs, due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.

Exploits (2)

nomisec WRITEUP by starrynightsecurity · poc
https://github.com/starrynightsecurity/CVE-2025-54574-Squid-Heap-Buffer-Overflow

nomisec WRITEUP by gmh5225 · poc
https://github.com/gmh5225/Blackash-CVE-2025-54574

Scores

CVSS v3: 9.3
EPSS: 0.0390
EPSS Percentile: 88.3%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H

Details

CWE: CWE-122, CWE-787
Status: published
Products (1): squid-cache/squid < 6.4
Published: Aug 01, 2025
Tracked Since: Feb 18, 2026