NULL Pointer Dereference Vulnerability in GNU libmicrohttpd Allows Denial of Service
CVE-2025-59777
8.7 HIGH
What is CVE-2025-59777?
A NULL pointer dereference vulnerability has been identified in GNU libmicrohttpd versions 1.0.2 and earlier, which can allow an attacker to send specially crafted packets leading to a denial-of-service (DoS) condition. This vulnerability has been addressed in a commit after the v1.0.2 release, highlighting the need for users to update their systems to prevent exploitation.
Affected Version(s)
GNU libmicrohttpd v1.0.2 and earlier (the vulnerability remains in the source code up until commit ff13abc on the master branch of the libmicrohttpd Git repository after the v1.0.2 tag).
CVSS V4
Score: 8.7
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
CVSS V3.0
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
