Integer Overflow Vulnerability in Mongoose WebSocket Component
CVE-2025-51495

Currently unrated

Key Information:

Vendor: Mongoose
Status: Mongoose WebSocket Component
Vendor: CVE Published:; 29 September 2025

What is CVE-2025-51495?

An integer overflow vulnerability has been identified in the WebSocket component of Mongoose versions 7.5 through 7.17. This vulnerability can be exploited by attackers sending specially crafted WebSocket requests, leading to potential application crashes. Additionally, if the component is integrated incorrectly by downstream vendors, this vulnerability could result in a buffer overflow, exacerbating the issue. It is crucial for developers and organizations using Mongoose to review their integration and update to the latest version to mitigate risks.

References

http://mongoose.com

https://github.com/cesanta/mongoose

https://github.com/cesanta/mongoose/pull/3131

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 29, 2025
Vulnerability Reserved
Jun 16, 2025

JSON