CVE-2025-52570
BaseFortify
Publication date: 2025-06-24
Last updated on: 2025-06-26
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-799 | The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests. |
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-52570 is a vulnerability in the Rust packages letmeind and letmeinfwd (versions up to 10.2.0) where the connection limiter is implemented incorrectly. This flaw allows an arbitrary number of simultaneous incoming connections over TCP, UDP, and Unix sockets, making the command line option "num-connections" ineffective. As a result, the services can accept more connections than intended because the semaphore controlling connection limits releases permits prematurely, allowing more concurrent connections than allowed. This issue has been fixed in version 10.2.1 by properly managing semaphore permits to ensure connection limits are enforced. [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to a Denial of Service (DoS) condition through resource exhaustion. Since the connection limiter does not effectively limit the number of simultaneous connections, an attacker could open many connections to the letmeind or letmeinfwd services, causing the service to become less responsive or unresponsive. This can disrupt normal operation and availability of the affected services. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the number of simultaneous connections to the letmeind service (default port 5800) and checking if the connection limiter is ineffective. You can use network monitoring tools or commands like 'netstat -an | grep 5800' or 'ss -an | grep 5800' to observe the number of active connections. Additionally, monitoring system resource usage for signs of resource exhaustion or unresponsiveness of letmeind or letmeinfwd services may indicate exploitation of this vulnerability. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading letmeind and letmeinfwd to version 10.2.1 or later where the vulnerability is patched. As a workaround before upgrading, you can limit active connections to the letmeind port (default 5800) using firewall rules and restrict resource consumption using service managers like systemd to prevent resource exhaustion. [1]