CVE-2025-53537
BaseFortify
Publication date: 2025-07-23
Last updated on: 2025-08-05
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| oisf | libhtp | to 0.5.51 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-53537 is a high-severity memory leak vulnerability in libhtp versions 0.5.50 and below. It occurs in the LZMA decompression component when processing network traffic, causing allocated memory not to be released properly. This leads to resource starvation and can cause the affected process to fail, resulting in loss of visibility into network traffic. The vulnerability can be exploited remotely without any privileges or user interaction. [1]
How can this vulnerability impact me? :
This vulnerability can cause the libhtp process to consume increasing amounts of memory due to a leak, potentially leading to process failure and loss of availability. This means you could lose visibility into network traffic, which may impact monitoring, security analysis, or any dependent services relying on libhtp for HTTP parsing. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves a memory leak in libhtp's LZMA decompression component triggered by network traffic, leading to resource starvation and potential process failure. Detection can involve monitoring the Suricata process memory usage for unusual growth or leaks during HTTP traffic processing. While no specific detection commands are provided, you can use system monitoring tools such as 'top', 'htop', or 'ps' to observe Suricata's memory consumption. Additionally, enabling verbose logging in Suricata may help identify decompression errors related to LZMA. For example, commands like 'ps aux | grep suricata' or 'top -p <suricata_pid>' can be used to monitor memory usage. However, no explicit detection commands are detailed in the provided resources. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, you should either upgrade libhtp to version 0.5.51 or later, where the memory leak issue is fixed, or apply the workaround by disabling LZMA decompression in Suricata. This can be done by setting 'suricata.yaml' configuration parameter 'app-layer.protocols.http.libhtp.default-config.lzma-enabled' to false. This disables the vulnerable LZMA decompression feature and prevents exploitation until an upgrade can be performed. [1]