Denial of Service Vulnerability in py-libp2p by libp2p
CVE-2025-29606

4.3MEDIUM

Key Information:

Vendor: Libp2p
Status: Py-libp2p
Vendor: CVE Published:; 14 July 2025

What is CVE-2025-29606?

A vulnerability in py-libp2p versions before 0.2.3 allows attackers to cause a denial of service condition by leveraging large RSA keys. This design flaw enables a peer to exhaust server resources, potentially leading to service disruption. Users of the specified version should update to the latest version to mitigate potential exploits.

Affected Version(s)

py-libp2p 0 < 0.2.3

References

https://github.com/libp2p/py-libp2p/issues/526

https://github.com/libp2p/py-libp2p/pull/531/files

https://github.com/libp2p/py-libp2p/compare/v0.2.2...v0.2.3

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 14, 2025
Vulnerability Reserved
Mar 11, 2025

Libp2p

What is CVE-2025-29606?

Affected Version(s)

References

CVSS V3.1

Timeline