- Description: libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentially achieve remote code execution depending on compiler options and runtime memory protections. Exploitation requires the proxy logic to be enabled (i.e., the proxy request handling code path in an application using libcoap).
- Source: disclosure@vulncheck.com
- NVD status: Analyzed
- Products: libcoap
CVSS 4.0
- Type: Secondary
- Base score: 8.2
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- Hype score: Not currently trending
🔶 [HIGH] Libcoap Library Vulnerability Enables Remote Attacks CVE-2025-34468 in li… 🔴 CVE: CVE-2025-34468 🕵️ APT: N/A ⚡ Status: ACTIVE 🎯 MITRE: Execution ⚔️ Critical flaw in IoT communication protocols. 🔗 https://t.co/rmgemJEHFX #m
@MysocAi
23 Feb 2026
🔶 [HIGH] CVE-2025-34468: Critical Buffer Overflow in libcoap Library CVE-2025-34468 allow… 🔴 CVE: CVE-2025-34468 🕵️ APT: N/A ⚡ Status: ACTIVE 🎯 MITRE: Exploitation for Privilege Escalation, Exploitation for Defense Evasion ⚔️ Critical flaw; patch to prevent
@MysocAi
23 Feb 2026
🔶 [HIGH] CVE-2025-34468 in libcoap Library Critical buffer over… 🔴 CVE: CVE-2025-34468 🕵️ APT: Unknown ⚡ Status: ACTIVE 🎯 MITRE: Execution, Persistence ⚔️ Impacts IoT devices and applications using libcoap. 🔗 https://t.co/rmgemJEHFX
@MysocAi
23 Feb 2026
🔶 [HIGH] Libcoap Vulnerability Enables Remote Attacks CVE-2025-34468 in li… 🔴 CVE: CVE-2025-34468 🕵️ APT: Unknown ⚡ Status: INACTIVE 🎯 MITRE: Exploitation for Remote Code Execution ⚔️ Impacts IoT and embedded systems. 🔗 https://t.co/LNQ29Ni317
@MysocAi
23 Feb 2026
CVE-2025-34468 libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname dat… https://t.co/nH5L4ZQ0Ks
@CVEnew
31 Dec 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:libcoap:libcoap:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "22875932-4B0B-490A-AE0E-751EBC7CD54A",
            "versionEndIncluding": "4.3.5",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]