CVE-2025-54574
BaseFortify
Publication date: 2025-08-01
Last updated on: 2025-11-05
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| squid-cache | squid | up to 6.4 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Squid versions 6.3 and below, where a heap buffer overflow can occur due to incorrect buffer management when processing URN requests. This flaw can potentially allow remote code execution. The issue has been fixed in version 6.4, and a workaround is to disable URN access permissions.
How can this vulnerability impact me?
The vulnerability can lead to remote code execution on systems running vulnerable versions of Squid, which means an attacker could execute arbitrary code remotely, potentially compromising the affected system's integrity and availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, disable URN access permissions in your Squid proxy configuration. Additionally, upgrade Squid to version 6.4 or later where this issue has been fixed.
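As an added example (not part of this record), a small POSIX shell check a defender can run against the version string and squid.conf of a deployment: it reports whether the installed version is at or above the fixed 6.4 release, and whether the configuration denies URN access before any `http_access allow` rule (Squid evaluates `http_access` top-down, first match wins). The ACL name `URN` and the `acl URN proto URN` / `http_access deny URN` rule form are assumed here and are not taken from this page; the sample configurations are constructed.

```bash
#!/bin/sh
# Defender-side checks for CVE-2025-54574 (Squid, fixed in 6.4).

# squid_version_fixed "6.3" -> exit status 1 (vulnerable range)
# squid_version_fixed "6.4" -> exit status 0 (fixed)
squid_version_fixed() {
    ver="$1"                 # e.g. output of: squid -v | awk '/Version/{print $4}'
    major=${ver%%.*}         # "6.10.1" -> "6"
    rest=${ver#*.}           # "6.10.1" -> "10.1"
    minor=${rest%%.*}        # "10.1"   -> "10"
    [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -ge 4 ]; }
}

# urn_denied "<squid.conf text>" -> exit status 0 only if a deny rule for a
# proto-URN ACL appears before the first http_access allow rule.
# Rule names are an assumption of this example, not taken from the record.
urn_denied() {
    conf="$1"
    printf '%s\n' "$conf" | awk '
        # remember the name of any ACL defined as "acl <name> proto URN"
        /^[ \t]*acl[ \t]+[^ \t]+[ \t]+proto[ \t]+URN([ \t]|$)/ { name = $2 }
        # a deny for that ACL before any allow: workaround is in effect
        name != "" && $1 == "http_access" && $2 == "deny" && $3 == name { found = 1; exit }
        # first allow reached without the deny: later denies may never match
        $1 == "http_access" && $2 == "allow" { exit }
        END { exit found ? 0 : 1 }'
}

# Constructed sample configurations for demonstration.
SAFE_CONF='acl URN proto URN
http_access deny URN
http_access allow localnet'

UNSAFE_CONF='acl URN proto URN
http_access allow localnet
http_access deny URN'
```

Run it as `squid_version_fixed "$(squid -v | awk '/Version/{print $4}')"` and `urn_denied "$(cat /etc/squid/squid.conf)"` on a host; a non-zero status from either means the deployment still needs attention.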