Integer Overflow in Tinyproxy Affects User Privacy and Security
CVE-2025-63938

6.5MEDIUM

Key Information:

Vendor: Tinyproxy
Status: Tinyproxy
Vendor: CVE Published:; 26 November 2025

What is CVE-2025-63938?

The integer overflow vulnerability in Tinyproxy occurs in the strip_return_port() function within src/reqs.c. This flaw may allow attackers to manipulate request handling, potentially compromising user privacy and enabling unauthorized access to sensitive information. It's crucial for users and administrators relying on Tinyproxy to apply mitigations and stay informed of any updates addressing this security issue.

References

https://github.com/tinyproxy/tinyproxy/issues/586

https://github.com/tinyproxy/tinyproxy/commit/3c0fde94981...

https://github.com/rayinaw/my-hub/blob/main/CVE-2025-6393...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 26, 2025
Vulnerability Reserved
Oct 27, 2025

CVE-2025-63938 Data

JSON