CVE-2025-21434
Published 2025-04-07
CVE-2025-21434: Transient DOS may occur while parsing EHT operation IE or EHT capability IE.
Priority P3 · 36 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS 0.23% (13.8th percentile)
Affected
124 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | centrifugal_centrifugo_v6 | >= 0 < 6.6.1 | 6.6.1 |
| android | — | — | |
| qualcomm_inc | snapdragon | — | — |
CVSS provenance
nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ghsa · 7.5 HIGH
GHSA
Centrifugo v6.6.0 dependency vulnerabilities
ghsa·2026-02-19·CVSS 7.5
CVE-2025-68121 [HIGH] CWE-1395 Centrifugo v6.6.0 dependency vulnerabilities
### Summary
Centrifugo v6.6.0 binary is compiled with **Go 1.25.5** and statically links `github.com/quic-go/webtransport-go v0.9.0`, having **7 known CVEs**
**Go standard library — compiled with Go 1.25.5:**
| CVE | Severity | CVSS | Fixed In |
|-----|----------|------|----------|
| CVE-2025-68121 | **CRITICAL** | 10.0 | Go 1.25.7, 1.24.13 |
| CVE-2025-61726 | HIGH | 7.5 | Go 1.25.6, 1.24.12 |
| CVE-2025-61728 | MEDIUM | 6.5 | Go 1.25.6, 1.24.12 |
| CVE-2025-61730 | MEDIUM | 5.3 | Go 1.25.6, 1.24.12 |
**Direct dependency `github.com/quic-go/webtransport-go` — pinned at v0.9.0 (`go.mod` line 34):**
| CVE | Severity | CVSS | Fixed In |
|-----|----------|------|----------|
| CVE-2026-21434 | MEDIUM | 5.3 | webtransport-go v0.10.0 |
| CVE-202
GHSA
GHSA-59p6-hq92-2jp7: Transient DOS may occur while parsing EHT operation IE or EHT capability IE
ghsa_unreviewed·2025-04-07
CVE-2025-21434 [HIGH] CWE-126 GHSA-59p6-hq92-2jp7: Transient DOS may occur while parsing EHT operation IE or EHT capability IE
Transient DOS may occur while parsing EHT operation IE or EHT capability IE.
Android
CVE-2025-21434: WLAN
vendor_android·2025-04-01·CVSS 7.5
CVE-2025-21434 [HIGH] CVE-2025-21434: WLAN
Android Security Bulletin 2025-04-01
CVE: CVE-2025-21434
Severity: HIGH
Component: WLAN
References: A-388048345, QC-CR#3918068
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published 2025-04-07