cbcvebase.
CVE-2025-54939
published 2025-08-01

CVE-2025-54939: LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.

PriorityP433high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.77%
51.0th percentile
LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.

Affected

4 ranges
VendorProductVersion rangeFixed in
litespeedtechlitespeed_web_adc< 3.3.13.3.1
litespeedtechlitespeed_web_server< 6.3.46.3.4
litespeedtechlsquic< 4.3.14.3.1
litespeedtechopenlitespeed< 1.8.41.8.4
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.