NULL Pointer Dereference Vulnerability in GNU libmicrohttpd Affects Denial-of-Service
CVE-2025-59777

8.7HIGH

Key Information:

Vendor

Gnu Project

Status
Gnu Libbmicrohttpd
Vendor
CVE Published:
10 November 2025

What is CVE-2025-59777?

A NULL pointer dereference vulnerability has been identified in GNU libmicrohttpd versions 1.0.2 and earlier, which can allow an attacker to send specially crafted packets leading to a denial-of-service (DoS) condition. This vulnerability has been addressed in a commit after the v1.0.2 release, highlighting the need for users to update their systems to prevent exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GNU libbmicrohttpd v1.0.2 and earlier (The vulnerability remains in the source code up until commit ff13abc on the master branch of the libmicrohttpd Git repository

GNU libbmicrohttpd after the v1.0.2 tag.)

References

https://www.gnu.org/software/libmicrohttpd/
https://git.gnunet.org/libmicrohttpd.git/commit/?id=ff13a...
https://jvn.jp/en/jp/JVN76719218/

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

CVSS V3.0

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.