Resource Consumption Vulnerability in Tor's Onion Service Descriptor Handler
CVE-2025-4444

6.3MEDIUM

Key Information:

Vendor

Tor Project

Status
Tor
Vendor
CVE Published:
18 September 2025

What is CVE-2025-4444?

A security flaw has been identified in Tor versions up to 0.4.7.16 and 0.4.8.17, stemming from an issue with the Onion Service Descriptor Handler. This vulnerability allows for the potential manipulation of resources, leading to inefficient consumption that may affect system performance. The complexity of executing such an attack is notably high, making it difficult to exploit successfully. To mitigate this issue, users are advised to upgrade to versions 0.4.8.18 and 0.4.9.3-alpha.

Affected Version(s)

Tor 0.4.7.0

Tor 0.4.7.1

Tor 0.4.7.2

References

https://vuldb.com/?id.324814
vdb-entry
https://vuldb.com/?ctiid.324814
signaturepermissions-required
https://vuldb.com/?submit.640605
third-party-advisory

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

wocanmei (VulDB User)
.
CVE-2025-4444 : Resource Consumption Vulnerability in Tor's Onion Service Descriptor Handler