CVE-2025-59354
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-17

Last updated on: 2025-09-18

Assigner: GitHub, Inc.

Description
Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the DragonFly2 uses a variety of hash functions, including the MD5 hash, for downloaded files. This allows attackers to replace files with malicious ones that have a colliding hash. This vulnerability is fixed in 2.1.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-17
Last Modified
2025-09-18
Generated
2026-06-16
AI Q&A
2025-09-17
EPSS Evaluated
2026-06-14
NVD
CVE-2025-59354
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linuxfoundation dragonfly to 2.1.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-328 The product uses an algorithm that produces a digest (output value) that does not meet security expectations for a hash function that allows an adversary to reasonably determine the original input (preimage attack), find another input that can produce the same hash (2nd preimage attack), or find multiple inputs that evaluate to the same hash (birthday attack).
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects Dragonfly, an open source P2P-based file distribution and image acceleration system. Prior to version 2.1.0, Dragonfly used various hash functions including MD5 to verify downloaded files. Because MD5 is vulnerable to hash collisions, attackers could exploit this by replacing legitimate files with malicious ones that have the same hash value, allowing the malicious files to be accepted as valid.

Impact Analysis

This vulnerability can allow attackers to replace legitimate files distributed by Dragonfly with malicious files that have colliding hashes. This can lead to the execution or distribution of malicious code or corrupted data, potentially compromising system integrity and security.

Mitigation Strategies

Upgrade Dragonfly to version 2.1.0 or later, as this version fixes the vulnerability by removing the use of weak hash functions like MD5 for downloaded files.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-59354. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart