CVE-2025-54349

CWE-1938 documents8 sources
Severity
10.0CRITICAL
EPSS
0.1%
top 84.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
ES Iperf3
Timeline
PublishedAug 3
Latest updateJan 21

Description

In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:LExploitability: 2.2 | Impact: 3.7

Affected Packages3 packages

CVEListV5es/iperf3< 3.19.1
NVDes/iperf33.23.19.1
Debianiperf3< 3.9-1+deb11u3+3

Patches

Patch: github.com

🔴Vulnerability Details

3
CVEList
CVE-2025-54349: In iperf before 32025-08-03
GHSA
GHSA-8xx8-qrh3-q8mq: In iperf before 32025-08-03
OSV
CVE-2025-54349: In iperf before 32025-08-03

📋Vendor Advisories

4
Ubuntu
iperf3 vulnerabilities2026-01-21
Microsoft
In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow.2025-08-12
Red Hat
iperf3: iperf Heap Buffer Overflow2025-08-03
Debian
CVE-2025-54349: iperf3 - In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-...2025
CVE-2025-54349 (CRITICAL CVSS 10) | In iperf before 3.19.1 | cvebase.io