Integer Overflow Vulnerability in Big Requests Extension from Red Hat
CVE-2025-49176

6.6MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 17 June 2025

What is CVE-2025-49176?

A vulnerability exists in the Big Requests extension that could lead to an integer overflow due to the request length being multiplied by four before it is compared to the maximum allowable size. This design flaw creates a potential avenue for attackers to bypass the intended size restrictions, which could lead to improper handling of requests and undermine system integrity.

References

https://access.redhat.com/security/cve/CVE-2025-49176

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2369954

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2025
Vulnerability Reserved
Jun 3, 2025

Credit

Red Hat would like to thank Julian Suleder and Nils Emmerich for reporting this issue.