Use After Free Vulnerability in Warmcat Libwebsockets WebSocket Server
CVE-2025-11677

6.3MEDIUM

Key Information:

Vendor: Warmcat
Status: Libwebsockets
Vendor: CVE Published:; 20 October 2025

What is CVE-2025-11677?

A Use After Free vulnerability has been identified in the WebSocket server implementation of Warmcat's libwebsockets. This vulnerability may allow an attacker to exploit specific configurations that utilize a user-defined callback function handling LWS_CALLBACK_HTTP_CONFIRM_UPGRADE. If successfully exploited, it could enable an attacker to cause a denial of service, disrupting the service's normal operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

libwebsockets 3 <= 4.4.1,4.3.6

References

https://libwebsockets.org/git/libwebsockets/commit?id=2f0...

patchvendor-advisory

https://www.nozominetworks.com/labs/vulnerability-advisor...

third-party-advisory

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Oct 20, 2025
Vulnerability Reserved
Oct 13, 2025

Credit

Raffaele Bova at Nozomi Networks

JSON

Warmcat

What is CVE-2025-11677?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.