Denial-of-Service Vulnerability in Dragonfly File Distribution System
CVE-2025-59348

5.5 MEDIUM

Key Information:

CVE Published: 17 September 2025

What is CVE-2025-59348?

Dragonfly, an open-source P2P-based file distribution and image acceleration system, contains a vulnerability in its processPieceFromSource method that fails to correctly update the usedTraffic field. This oversight is due to the use of an uninitialized variable as a guard for traffic management, which results in improper rate limiting. Consequently, this flaw can lead to a denial-of-service condition affecting the peer in the network. The issue has been addressed in version 2.1.0 of Dragonfly.
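The bug class described above, as a small Go model added here for illustration; it is not Dragonfly's code. Only the usedTraffic field name comes from the advisory; the limiter type, the guard variable n, and the accountBuggy, accountFixed and download functions are hypothetical, and the piece sizes are constructed.

```go
package main

import "fmt"

// limiter is a hypothetical per-peer traffic budget, not Dragonfly's type.
type limiter struct {
	usedTraffic uint64 // bytes accounted so far
	budget      uint64 // bytes allowed before the peer is throttled
}

func (l *limiter) addTraffic(n uint64) { l.usedTraffic += n }
func (l *limiter) exceeded() bool      { return l.usedTraffic >= l.budget }

// accountBuggy models the flaw: the guard n is declared but never assigned,
// so it keeps Go's zero value and the accounting branch never runs.
func accountBuggy(l *limiter, pieceSize int64) {
	var n int64 // never set from the download result
	if n > 0 {
		l.addTraffic(uint64(n))
	}
}

// accountFixed guards on the size actually reported for the piece.
func accountFixed(l *limiter, pieceSize int64) {
	if pieceSize > 0 {
		l.addTraffic(uint64(pieceSize))
	}
}

// download returns the pieces accepted before the limiter tripped, and usedTraffic.
func download(account func(*limiter, int64), budget uint64, pieces []int64) (int, uint64) {
	l := &limiter{budget: budget}
	accepted := 0
	for _, p := range pieces {
		if l.exceeded() {
			break
		}
		account(l, p)
		accepted++
	}
	return accepted, l.usedTraffic
}

func main() {
	pieces := []int64{4096, 4096, 4096, 4096, 4096, 4096} // constructed sample sizes
	a, used := download(accountBuggy, 8192, pieces)
	b, fixedUsed := download(accountFixed, 8192, pieces)
	fmt.Printf("buggy: accepted=%d used=%d; fixed: accepted=%d used=%d\n", a, used, b, fixedUsed)
}
```

A regression test for this class of bug asserts that usedTraffic is non-zero after a piece of known size is processed, which the buggy path fails.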

Affected Version(s)

dragonfly < 2.1.0

CVSS V4

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
