CVE-2025-55763

HIGH

CivetWeb 1.14-1.16 - Remote Code Execution via URI Parser Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-55763. PoCs published by krispybyte.

AI-analyzed exploit summary: This repository contains a proof-of-concept for CVE-2025-55763, a buffer overflow vulnerability in the URI parser of CivetWeb 1.16. The PoC demonstrates a crash via heap overflow, with potential for remote code execution.

Description

Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 (latest) allows a remote attacker to achieve remote code execution via a crafted HTTP request. This vulnerability is triggered during request processing and may allow an attacker to corrupt heap memory, potentially leading to denial of service or arbitrary code execution.

Exploits (1)

nomisec · WORKING POC · 3 stars
by krispybyte · poc
https://github.com/krispybyte/CVE-2025-55763

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: CivetWeb 1.16
No auth needed
Prerequisites: Network access to the target server · CivetWeb 1.16 running on the target
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory
https://github.com/krispybyte/CVE-2025-55763

Scores

CVSS v3: 7.5
EPSS: 0.0112
EPSS Percentile: 61.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-121
Status: published
Products (1)
civetweb_project/civetweb 1.14 - 1.16
Published: Aug 29, 2025
Tracked Since: Feb 18, 2026