Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-59777

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.

Published

2025-11-10T05:15:44.117

Last Modified

2025-11-14T18:07:33.753

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-476

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnu	libmicrohttpd	< 2025-09-16	Yes

References

https://git.gnunet.org/libmicrohttpd.git/commit/?id=ff13abc1c1d7d2b30d69d5c0bd4a237e1801c50b Patch ([email protected])
https://jvn.jp/en/jp/JVN76719218/ Third Party Advisory ([email protected])
https://www.gnu.org/software/libmicrohttpd/ Product ([email protected])