Heap Buffer Overflow in Squid Caching Proxy by Squid Software
CVE-2025-54574

9.3 CRITICAL

Key Information:

CVE Published: 1 August 2025

What is CVE-2025-54574?

The Squid caching proxy software, used widely for improving web performance, is susceptible to a heap buffer overflow vulnerability in versions 6.3 and below. This flaw arises from improper buffer management when processing URN requests, potentially allowing attackers to execute arbitrary code remotely. To mitigate this risk, users are advised to upgrade to version 6.4 or later, or disable URN access permissions. For further details, refer to the advisory and updates provided by Squid Software.

Affected Version(s)

squid < 6.4

CVSS V3.1

Score: 9.3
Severity: CRITICAL
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
