CVE-2025-51495
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-29

Last updated on: 2025-10-16

Assigner: MITRE

Description
An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the issue may lead to a buffer overflow.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-29
Last Modified
2025-10-16
Generated
2026-06-16
AI Q&A
2025-09-29
EPSS Evaluated
2026-06-15
NVD
CVE-2025-51495
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cesanta mongoose From 7.5 (inc) to 7.17 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-51495 is an integer overflow vulnerability in the WebSocket component of the Mongoose library versions 7.5 through 7.17. It occurs in the function that handles incoming WebSocket frames (mg_ws_cb), where a specially crafted WebSocket request can cause the offset variable to underflow when calculating ofs-1, resulting in a very large value. This leads to out-of-bounds memory access during buffer manipulation, which can cause the application to crash or potentially lead to memory corruption or remote code execution if downstream vendors integrate the component improperly. The vulnerability was addressed by enhancing the validation logic for the offset parameter to prevent improper buffer deletion and mitigate risks such as buffer overflows and data corruption. [1, 2]

Impact Analysis

This vulnerability can cause the affected application using the Mongoose WebSocket component to crash when processing specially crafted WebSocket requests. In some cases, if the component is integrated improperly by downstream vendors, it may lead to buffer overflows, memory corruption, and potentially remote code execution. This means an attacker could remotely exploit this flaw to disrupt service availability or execute arbitrary code on the affected system, posing significant security risks. [1, 2]

Detection Guidance

This vulnerability can be detected by monitoring for crashes or abnormal behavior in applications using the Mongoose WebSocket component, especially when receiving WebSocket frames. A practical approach is to use the Mongoose 'websocket-server' example with AddressSanitizer (ASAN) enabled to reproduce the crash by sending specially crafted WebSocket packets. For detection on your system, you can use network traffic capture tools like Wireshark or tcpdump to identify suspicious WebSocket frames. Additionally, testing with a modified WebSocket client that sends crafted packets (similar to the proof of concept) can help detect the vulnerability. Specific commands include running the websocket-server example with ASAN enabled and using a custom websocket-client to send malicious frames to trigger the crash. [2]

Mitigation Strategies

Immediate mitigation steps include updating the Mongoose library to a version that includes the patch improving offset validation in the WebSocket component (merged in pull request #3131). This patch enhances validation logic to prevent integer overflow and buffer overflows during fragmented WebSocket frame processing. If updating is not immediately possible, consider implementing input validation or filtering at the network perimeter to block suspicious WebSocket frames. Monitoring application logs for crashes related to WebSocket processing and applying vendor patches promptly are also recommended. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-51495. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart