CVE-2025-62689

HIGH

GNU Libmicrohttpd < 2025-09-16 - Heap Buffer Overflow

Title source: rule

Description

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.

References (3)

Core 3

Core References

Patch

https://git.gnunet.org/libmicrohttpd.git/commit/?id=ff13abc1c1d7d2b30d69d5c0bd4a237e1801c50b

Third Party Advisory

https://jvn.jp/en/jp/JVN76719218/

Product

https://www.gnu.org/software/libmicrohttpd/

Scores

CVSS v3 7.5

EPSS 0.0004

EPSS Percentile 10.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-122

Status published

Products (1)

gnu/libmicrohttpd < 2025-09-16

Published Nov 10, 2025

Tracked Since Feb 18, 2026