CVE-2025-7054
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-07

Last updated on: 2025-08-14

Assigner: Cloudflare, Inc.

Description
Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRE_CONNECTION_ID frames. QUIC connections possess a set of connection identifiers (IDs); see Section 5.1 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000#section-5.1 . Once the QUIC handshake completes, a local endpoint is responsible for issuing and retiring Connection IDs that are used by the remote peer to populate the Destination Connection ID field in packets sent from remote to local. Each Connection ID has a sequence number to ensure synchronization between peers. An unauthenticated remote attacker can exploit this vulnerability by first completing a handshake and then sending a specially-crafted set of frames that trigger a connection ID retirement in the victim. When the victim attempts to send a packet containing RETIRE_CONNECTION_ID frames, Section 19.16 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000#section-19.6 requires that the sequence number of the retired connection ID must not be the same as the sequence number of the connection ID used by the packet. In other words, a packet cannot contain a frame that retires itself. In scenarios such as path migration, it is possible for there to be multiple active paths with different active connection IDs that could be used to retire each other. The exploit triggered an unintentional behaviour of a quiche design feature that supports retirement across paths while maintaining full connection ID synchronization, leading to an infinite loop.This issue affects quiche: from 0.15.0 before 0.24.5.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-07
Last Modified
2025-08-14
Generated
2026-05-07
AI Q&A
2025-08-07
EPSS Evaluated
2026-05-05
NVD
CVE-2025-7054
EUVD
EUVD-2025-23915
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cloudflare quiche From 0.15.0 (inc) to 0.24.5 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-835 The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Cloudflare quiche involves an infinite loop triggered when sending packets containing RETIRE_CONNECTION_ID frames. QUIC connections use connection IDs with sequence numbers to synchronize peers. An attacker can complete a handshake and send specially crafted frames that cause the victim to attempt retiring a connection ID in a way that violates protocol rules, leading to an infinite loop in the quiche implementation. This happens because the packet contains a frame that retires itself, which is not allowed, causing unintentional behavior in quiche's design for connection ID retirement across multiple paths.


How can this vulnerability impact me? :

This vulnerability can cause a denial of service by triggering an infinite loop in the affected quiche implementation. An unauthenticated remote attacker can exploit this to disrupt the normal operation of the QUIC connection, potentially leading to service unavailability or degraded performance.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart