Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-62689

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.

Published

2025-11-10T05:15:49.087

Last Modified

2025-11-14T18:05:06.277

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-122

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnu	libmicrohttpd	< 2025-09-16	Yes

References

https://git.gnunet.org/libmicrohttpd.git/commit/?id=ff13abc1c1d7d2b30d69d5c0bd4a237e1801c50b Patch ([email protected])
https://jvn.jp/en/jp/JVN76719218/ Third Party Advisory ([email protected])
https://www.gnu.org/software/libmicrohttpd/ Product ([email protected])