Use-After-Free Vulnerability in Libcoap Affects Multiple Versions
CVE-2025-50518

9.8CRITICAL

Key Information:

Vendor: Libcoap
Status: Libcoap Library
Vendor: CVE Published:; 14 August 2025

What is CVE-2025-50518?

A use-after-free vulnerability identified in the coap_delete_pdu_lkd function within the libcoap library can lead to improper handling of memory. This vulnerability arises when the memory associated with a Protocol Data Unit (PDU) is freed, yet subsequent operations attempt to access the now-invalid memory. This flaw could potentially enable an attacker to cause memory corruption or execute arbitrary code, posing significant risks to systems utilizing affected versions of the Libcoap library.

References

https://github.com/IreneTheITCrowd/blog/blob/main/libcoap...

https://github.com/IreneTheITCrowd/blog/issues/1

https://github.com/obgm/libcoap/issues/1724#issuecomment-...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 14, 2025
Vulnerability Reserved
Jun 16, 2025

CVE-2025-50518 Data

JSON