Denial-of-Service Vulnerability in vproxy HTTP Proxy Server
CVE-2025-54581
Currently unrated
What is CVE-2025-54581?
vproxy, an HTTP/HTTPS/SOCKS5 proxy server, is vulnerable to a denial-of-service attack because it mishandles user-controlled data in the HTTP Proxy-Authorization header. In versions 2.3.3 and earlier, an attacker can set a TTL (time-to-live) value of zero by crafting the username (e.g., 'configuredUser-ttl-0'), which triggers a division-by-zero error in the modulo operation 'timestamp % ttl'. The server then crashes, denying service to legitimate users. The issue has been addressed in version 2.4.0.
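The bug class and one way to close it, as an added Rust example that is not vproxy's own code. Only the username format and the 'timestamp % ttl' operation come from the advisory; the function names, the parsing logic and the use of the remainder to compute a window start are assumptions made for illustration.

```rust
use std::num::NonZeroU64;
use std::panic;

// Hypothetical names throughout; this is not vproxy's code.

/// Split "<user>-ttl-<n>" into the base user and an optional TTL.
/// Zero is rejected here, at the trust boundary, so it can never reach `%`.
fn parse_username(raw: &str) -> Result<(&str, Option<NonZeroU64>), &'static str> {
    match raw.rsplit_once("-ttl-") {
        None => Ok((raw, None)),
        Some((user, n)) => {
            let n: u64 = n.parse().map_err(|_| "ttl is not an unsigned integer")?;
            let ttl = NonZeroU64::new(n).ok_or("ttl must be greater than zero")?;
            Ok((user, Some(ttl)))
        }
    }
}

/// Vulnerable shape: the divisor comes straight from the header.
/// Rust panics on `x % 0`; the advisory reports the result as a server crash.
fn window_start_unchecked(timestamp: u64, ttl: u64) -> u64 {
    timestamp - timestamp % ttl
}

/// Hardened shape: a zero divisor is unrepresentable in the argument type.
fn window_start(timestamp: u64, ttl: NonZeroU64) -> u64 {
    timestamp - timestamp % ttl.get()
}

/// Returns true if the unchecked variant panics for this TTL.
fn unchecked_panics(timestamp: u64, ttl: u64) -> bool {
    panic::catch_unwind(|| window_start_unchecked(timestamp, ttl)).is_err()
}

fn main() {
    println!("unchecked panics on ttl 0: {}", unchecked_panics(1_000_003, 0));
    // Constructed sample usernames, as decoded from Proxy-Authorization.
    for raw in ["configuredUser", "configuredUser-ttl-60", "configuredUser-ttl-0"] {
        match parse_username(raw) {
            Ok((user, Some(ttl))) => println!("{user}: window {}", window_start(1_000_003, ttl)),
            Ok((user, None)) => println!("{user}: no ttl"),
            Err(e) => println!("{raw}: rejected ({e})"),
        }
    }
}
```

Rejecting the value during parsing turns the malformed header into an authentication error for one client instead of a panic that affects every client.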