NULL Pointer Dereference Vulnerability in GNU libmicrohttpd
CVE-2025-62689
8.7 HIGH
What is CVE-2025-62689?
A NULL pointer dereference vulnerability has been identified in GNU libmicrohttpd versions up to v1.0.2. It can be triggered by sending specially crafted packets, leading to a denial-of-service (DoS) condition. Users of affected versions should update to a release that contains the fix, which was made in commit ff13abc on the master branch.
Affected Version(s)
GNU libmicrohttpd v1.0.2 and earlier (the vulnerability remains in the source code up until commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag).
CVSS V4
Score: 8.7
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
CVSS V3.0
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
