Incorrect Congestion Window Growth in Cloudflare Quiche
CVE-2025-4821

7.5 HIGH

Key Information:

Vendor

Cloudflare

Status
Vendor
CVE Published:
18 June 2025

What is CVE-2025-4821?

Cloudflare Quiche is vulnerable to incorrect congestion window growth, which can cause it to send data at a rate unsuitable for the network path. An unauthenticated attacker could exploit this flaw by completing a handshake and then sending manipulated ACK frames. These frames may cover a wide range of packet numbers, allowing the attacker to interfere with the victim's congestion control state. As a result, the congestion window may grow beyond what the path can support and, in extreme scenarios, reach the limit of an internal variable and cause an overflow panic. It is imperative that users update to Quiche version 0.24.4 or later, which addresses this issue.
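
A defensive sketch for the ACK handling described above, added here as an example and not taken from quiche or its fix: a simplified sender rejects ACK ranges that name packet numbers it never sent (RFC 9000, section 13.1), credits only bytes actually in flight, and grows the window with saturating, capped arithmetic. The `Sender` type, its methods and the `MAX_CWND` cap are assumptions made for this illustration.

```rust
// Added illustration: simplified sender model, not quiche's code.
// Every name here and the MAX_CWND cap are assumptions for this example.
use std::collections::BTreeMap;
const MAX_CWND: usize = 16 * 1024 * 1024; // assumed upper bound, bytes

#[derive(Debug, PartialEq)]
pub enum AckError {
    UnsentPacket, // range names a packet number never sent (RFC 9000, 13.1)
    InvalidRange, // smallest > largest
}

pub struct Sender {
    pub cwnd: usize,                 // congestion window, bytes
    next_pn: u64,                    // next packet number to assign
    in_flight: BTreeMap<u64, usize>, // sent-but-unacked packet number -> size
}

impl Sender {
    pub fn new(cwnd: usize) -> Self {
        Sender { cwnd, next_pn: 0, in_flight: BTreeMap::new() }
    }
    pub fn send(&mut self, size: usize) -> u64 {
        self.in_flight.insert(self.next_pn, size);
        self.next_pn += 1;
        self.next_pn - 1
    }
    /// Process one ACK range [smallest, largest]; returns newly acked bytes.
    pub fn on_ack_range(&mut self, smallest: u64, largest: u64) -> Result<usize, AckError> {
        if smallest > largest { return Err(AckError::InvalidRange); }
        // Reject before touching state: that packet number was never assigned.
        if largest >= self.next_pn { return Err(AckError::UnsentPacket); }
        // Credit only packets still in flight; re-acked numbers add nothing.
        let pns: Vec<u64> = self.in_flight.range(smallest..=largest).map(|(p, _)| *p).collect();
        let mut acked = 0usize;
        for pn in pns {
            acked = acked.saturating_add(self.in_flight.remove(&pn).unwrap_or(0));
        }
        // Slow-start style growth by acked bytes, saturating and capped.
        self.cwnd = self.cwnd.saturating_add(acked).min(MAX_CWND);
        Ok(acked)
    }
}

fn main() {
    let mut s = Sender::new(12_000);
    for _ in 0..3 { s.send(1_200); }
    println!("{:?} cwnd={}", s.on_ack_range(0, u64::MAX - 1), s.cwnd);
    println!("{:?} cwnd={}", s.on_ack_range(0, 2), s.cwnd);
}
```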

Affected Version(s)

quiche <0.24.4

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
