Memory Leak Vulnerability in LibHTP Affects HTTP Protocol Processing
CVE-2025-53537

7.5HIGH

Key Information:

Vendor: Oisf
Status: Libhtp
Vendor: CVE Published:; 23 July 2025

What is CVE-2025-53537?

LibHTP, a parser designed for secure HTTP protocol processing, contains a memory leak in versions 0.5.50 and earlier. This vulnerability allows for traffic-induced memory leaks, potentially leading to a significant depletion of memory resources. Such a condition can result in degraded performance and loss of visibility for services relying on LibHTP. To mitigate this issue, users are advised to disable the LZMA compression option by modifying the configuration in suricata.yaml. This vulnerability has been addressed in LibHTP version 0.5.51.

Affected Version(s)

libhtp < 0.5.51

References

https://github.com/OISF/libhtp/security/advisories/GHSA-v...

x_refsource_CONFIRM

https://github.com/OISF/libhtp/commit/9037ea35110a0d97be5...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2025
Vulnerability Reserved
Jul 2, 2025

Oisf

What is CVE-2025-53537?

Affected Version(s)

References

CVSS V3.1

Timeline