CVE-2025-54574 — Heap-based Buffer Overflow in Squid

CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write5 documents5 sources

Severity

9.8CRITICALNVD

CNA9.3

EPSS

3.2%

top 12.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Squid-cache Squid Squid

Timeline

PublishedAug 1

Description

Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5squid-cache/squid< 6.4

▶NVDsquid-cache/squid< 6.4

▶Debiansquid/squid< 4.13-10+deb11u5+3

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2025-54574: Squid is a caching proxy for the Web↗2025-08-01

▶

CVEList

Squid's URN Handling can lead to Buffer Overflow↗2025-08-01

▶

📋Vendor Advisories

Red Hat

squid-cache: Squid Buffer Overflow↗2025-08-01

▶

Debian

CVE-2025-54574: squid - Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulner...↗2025

▶