AI description
CVE-2025-54574 is a vulnerability affecting Squid, a caching proxy for the Web. Specifically, versions 6.3 and below are susceptible to a heap buffer overflow due to incorrect buffer management when processing Uniform Resource Names (URNs). This flaw can be triggered when Squid receives a Trivial-HTTP response containing a URN. Successful exploitation of CVE-2025-54574 can lead to remote code execution, potentially allowing attackers to gain control over affected Squid proxy servers. Additionally, the vulnerability can cause Squid to unintentionally leak up to 4KB of heap memory back to the client, potentially exposing sensitive information like credentials or configuration data. Version 6.4 addresses this issue.
- Description: Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.
- Source: security-advisories@github.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 9.3
- Impact score: 4.7
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H
- Severity: CRITICAL
- security-advisories@github.com: CWE-122
- Hype score: Not currently trending
I had reported CVE-2025-54574 (Squid heap overflow) to @Hacker0x01’s Internet Bug Bounty in July. GHSA + CVE are public, but no acknowledgment or response yet from IBB. Is the program still active? #infosec #cybersecurity #bugbounty #HackerOne #BugBountyCommunity
@starrynight_sec
18 Aug 2025
I reported a vulnerability to HackerOne’s Internet Bug Bounty program on July 3. It was assigned CVE-2025-54574 and GHSA-w4gv-vw3f-29g3. I’m officially listed as the discoverer. Despite multiple follow-ups, there’s still no response. Can @Hacker0x01 help? #bugbounty #info
@starrynight_sec
5 Aug 2025
🚨We are warning of a vulnerability in Squid, CVE-2025-54574, which allows an attacker to execute arbitrary code without any user interaction. The RCE vulnerability is caused by a memory overflow flaw in the URN (Uniform Resource Name) processing mechanism in
@GOVCERT_CZ
5 Aug 2025
Top 5 Trending CVEs: 1 - CVE-2002-0741 2 - CVE-2024-27867 3 - CVE-2025-49704 4 - CVE-2025-54135 5 - CVE-2025-54574 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
4 Aug 2025
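The Squid Project has issued an urgent advisory for the vulnerability CVE-2025-54574. This vulnerability stems from a buffer management mistake when Squid processes URN (Uniform Resource Name) responses, and heap buffer overflow and remo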
@yousukezan
4 Aug 2025
⚠️⚠️ CVE-2025-54574 Critical Squid Vulnerability Allows Remote Code Execution & Data Leakage 🎯53M+Results are found on the https://t.co/pb16tGYaKe nearly year 🔗FOFA Link:https://t.co/SSV7IHqVDf FOFA Query:app="squid" 🔖Refer:https://t.co/PgiTpDIQF4 #OSINT #FOF
@fofabot
4 Aug 2025
🚨🚨CVE-2025-54574 (CVSS 9.3) : Squid Proxy flaw in URN handling could allow remote code injection and leak up to 4KB of heap memory. Search by vul.cve Filter👉vul.cve="CVE-2025-54574" ZoomEye Dork👉app="Squid" Over 42.6M potential targets on ZoomEye. ZoomEye Link: https
@zoomeye_team
4 Aug 2025
A critical vulnerability has been fixed in the proxy server Squid. CVE-2025-54574 has a CVSS score of 9.3 and is a heap-based buffer overflow. A memory allocation flaw when handling Uniform Resource Names (URNs). Fixed in version 6.4. 4
@__kokumoto
4 Aug 2025
🚨Alert🚨 :CVE-2025-54574:Critical Squid Vulnerability Allows Remote Code Execution & Data Leakage 📊66.9M+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/lZNz4Yy6Dd 👇Query HUNTER : https://t.co/q9rtuGfZuz="Squid" FOFA : produc
@HunterMapping
4 Aug 2025
Buffer overflow during URN processing. CVE-2025-54574. CVSSv3.1 9.3: [Security News] Serious vulnerability in proxy server "Squid" - fixed by update (page 1 of 1): Security NEXT https://t.co/uUrf6FhGou
@tamosan
4 Aug 2025
🚨 CRITICAL: CVE-2025-54574 impacts squid-cache (<6.4) with heap overflow risk—remote code execution possible! Upgrade ASAP or disable URN access. Protect your proxies now. https://t.co/5FktM12RQr #OffSeq #CVE2... https://t.co/k4jntZE5yy
@offseq
2 Aug 2025
CVE-2025-54574 Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processi… https://t.co/JyKGTqV3PT
@CVEnew
1 Aug 2025
[CVE-2025-54574: CRITICAL] Squid 6.3 and below are vulnerable to heap buffer overflow and remote code execution via URN. Upgrade to version 6.4 or disable URN access permissions for protection.#cve,CVE-2025-54574,#cybersecurity https://t.co/gCbKgFBK8l https://t.co/eST6pTg1MM
@CveFindCom
1 Aug 2025