Buffer Overflow Vulnerability in CivetWeb Web Server by CivetWeb
CVE-2025-55763

7.5HIGH

Key Information:

Vendor: CivetWeb
Status: CivetWeb
Vendor: CVE Published:; 29 August 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-55763?

The buffer overflow vulnerability present in the URI parser of CivetWeb versions 1.14 through 1.16 allows an attacker to conduct remote code execution via a specially crafted HTTP request. This exploit occurs during the processing of requests and can lead to corruption of heap memory. Consequently, this may enable unauthorized access and control over the server, causing potential service disruptions and unauthorized command execution.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-55763
Created by krispybyte

References

https://github.com/civetweb/civetweb

https://github.com/krispybyte/CVE-2025-55763

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Aug 29, 2025
👾
Exploit known to exist
Aug 29, 2025
Vulnerability published
Aug 29, 2025
Vulnerability Reserved
Aug 16, 2025

CVE-2025-55763 Data

JSON