Home > Vulnerability Database > CVE-2025-23020

Mend.io Vulnerability Database

CVE-2025-23020

Good to know:

Date: February 19, 2025

An issue was discovered in Kwik before 0.10.1. A hash collision vulnerability (in the hash table used to manage connections) allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs).

Severity Score

5.3

Related Resources (6)

Url: https://github.com/ptrd/kwik/commit/b0733d72bad76bc5d8df2f4a7792ebb2539ebdc8

Url: https://github.com/ptrd/kwik/releases/tag/v0.10.1

Url: https://github.com/ptrd/kwik

Url: https://github.com/ncc-pbottine/QUIC-Hash-Dos-Advisory

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-23020

Url: https://www.mend.io/vulnerability-database/CVE-2025-23020

Severity Score

5.3

Weakness Type (CWE)

Inefficient Algorithmic Complexity

CWE-407

Top Fix

Upgrade Version

Upgrade to version tech.kwik:kwik:0.10.1

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-23020

Good to know:

Date: February 19, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?