Home > Vulnerability Database > CVE-2025-1866

Mend.io Vulnerability Database

CVE-2025-1866

Date: March 3, 2025

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat libwebsockets allows Pointer Manipulation, potentially leading to out-of-bounds memory access. This issue affects libwebsockets before 4.3.4 and is present in code built specifically for the Win32 platform. By default, the affected code is not executed unless one of the following conditions is met: LWS_WITHOUT_EXTENSIONS (default ON) is manually set to OFF in CMake. LWS_WITH_HTTP_STREAM_COMPRESSION (default OFF) is manually set to ON in CMake. Despite these conditions, when triggered in affected configurations, this vulnerability may allow attackers to manipulate pointers, potentially leading to memory corruption or unexpected behavior.

Severity Score

9.8

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-1866

Url: https://github.com/warmcat/libwebsockets/commit/3f7c79fd57338aca1bf4a1b1f24e324b80d36265

Url: https://www.mend.io/vulnerability-database/CVE-2025-1866

Severity Score

9.8

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-1866

Date: March 3, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?