CVE-2025-59391

Published Dec 8, 2025

Last updated 3 months ago

CVSS medium 6.5

Overview

Description: A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsing certain configuration values, allowing an attacker to infer or read memory beyond string boundaries in the .rodata section. This could potentially lead to information disclosure or denial of service.
Source: cve@mitre.org
NVD status: Analyzed
Products: libcoap

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.5
Impact score: 2.5
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Severity: MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-125

Hype score: Not currently trending

CVE-2025-59391 A memory disclosure vulnerability exists in libcoap's OSCORE configuration parser in libcoap before release-4.3.5-patches. An out-of-bounds read may occur when parsin… https://t.co/RtdjlClbMQ
@CVEnew
8 Dec 2025
295 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:libcoap:libcoap:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "8519F781-B2B5-48CA-BE86-B187221928B6",
            "versionEndExcluding": "4.3.5a",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References