NULL Pointer Dereference Vulnerability in GNU libmicrohttpd
CVE-2025-62689

8.7HIGH

Key Information:

Vendor: Gnu Project
Status: Gnu Libbmicrohttpd
Vendor: CVE Published:; 10 November 2025

🔔 Create Gnu Project Vulnerability Alert

What is CVE-2025-62689?

A NULL pointer dereference vulnerability has been identified in GNU libmicrohttpd versions up to v1.0.2. This weakness can be exploited by sending specially-crafted packets, leading to a denial-of-service (DoS) condition. It is crucial for users of affected versions to update to secure releases, where this flaw has been addressed in commit ff13abc on the master branch.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

GNU libbmicrohttpd v1.0.2 and earlier (The vulnerability remains in the source code up until commit ff13abc on the master branch of the libmicrohttpd Git repository

GNU libbmicrohttpd after the v1.0.2 tag.)

References

https://www.gnu.org/software/libmicrohttpd/

https://git.gnunet.org/libmicrohttpd.git/commit/?id=ff13a...

https://jvn.jp/en/jp/JVN76719218/

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 10, 2025
Vulnerability Reserved
Nov 3, 2025

JSON

Gnu Project

What is CVE-2025-62689?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

CVSS V3.0

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.