CVE-2025-4444
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-18

Last updated on: 2025-09-19

Assigner: VulDB

Description
A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered difficult. Upgrading to version 0.4.8.18 and 0.4.9.3-alpha is recommended to address this issue. It is recommended to upgrade the affected component.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-18
Last Modified
2025-09-19
Generated
2026-06-16
AI Q&A
2025-09-18
EPSS Evaluated
2026-06-14
NVD
CVE-2025-4444
EUVD
EUVD-2025-29912
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
tor tor 0.4.8.18
tor tor 0.4.9.3-alpha
tor tor 0.4.8
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a security flaw in Tor versions up to 0.4.7.16 and 0.4.8.17, specifically in an unknown function of the Onion Service Descriptor Handler component. An attacker can remotely manipulate this function to cause excessive resource consumption, potentially leading to denial of service or degraded performance. The attack is considered difficult to execute due to its high complexity.

Impact Analysis

The vulnerability can impact you by allowing a remote attacker to cause resource exhaustion on the affected Tor service, which may result in degraded service availability or denial of service. This could disrupt normal operations relying on Tor's onion services.

Mitigation Strategies

Upgrade the affected Tor software to version 0.4.8.18 or 0.4.9.3-alpha as recommended to address the vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-4444. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart