CVE-2025-52887
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-06-26

Last updated on: 2025-08-06

Assigner: GitHub, Inc.

Description
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many http headers fields are passed in, the library does not limit the number of headers, and the memory associated with the headers will not be released when the connection is disconnected. This leads to potential exhaustion of system memory and results in a server crash or unresponsiveness. Version 0.22.0 contains a patch for the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-06-26
Last Modified
2025-08-06
Generated
2026-05-07
AI Q&A
2025-06-26
EPSS Evaluated
2026-05-05
NVD
CVE-2025-52887
EUVD
EUVD-2025-19196
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
yhirose cpp-httplib 0.21.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-52887 is a vulnerability in the cpp-httplib library version 0.21.0 where the library does not limit the total number of HTTP header fields processed. An attacker can exploit this by sending an unlimited number of headers without properly terminating the request, causing the server to allocate unbounded memory. This leads to a memory leak and potential exhaustion of system memory, resulting in the server crashing or becoming unresponsive. The issue occurs before request routing, requires no authentication, and can be triggered remotely. [1]


How can this vulnerability impact me? :

This vulnerability can cause a denial of service (DoS) by exhausting the server's memory resources. An attacker can remotely send many HTTP headers to consume excessive memory, leading to server crashes or unresponsiveness. This can disrupt service availability and potentially affect other applications running on the same system, especially in multi-tenant environments. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for unusual or excessive HTTP header traffic that attempts to send a very large number of headers without completing the HTTP request (i.e., without sending the terminating \r\n\r\n). One detection method is to capture and analyze HTTP traffic for requests with an abnormally high number of headers or incomplete header termination. Additionally, using the provided proof-of-concept (PoC) Python client script that performs a "Slow Headers" attack can help simulate and detect the vulnerability. Specific commands are not detailed in the resources, but network packet capture tools like tcpdump or Wireshark can be used to inspect HTTP headers, and custom scripts can be employed to detect excessive header counts or incomplete requests. [1]


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade the cpp-httplib library to version 0.22.0 or later, which contains a patch that limits the maximum number of HTTP headers processed (default limit set to 100). This patch prevents excessive memory allocation by rejecting requests that exceed the header count limit, thus mitigating the denial-of-service risk. If upgrading is not immediately possible, consider implementing network-level protections such as rate limiting or filtering to block requests with unusually high numbers of headers or incomplete HTTP requests. [2]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart