Home > Vulnerability Database > CVE-2025-52570

Mend.io Vulnerability Database

CVE-2025-52570

Good to know:

Date: June 23, 2025

Letmein is an authenticating port knocker. Prior to version 10.2.1, The connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections (TCP, UDP and Unix socket) for the services letmeind and letmeinfwd. Therefore, the command line option num-connections is not effective and does not limit the number of simultaneously incoming connections. This issue has been patched in version 10.2.1.

Severity Score

5.3

Related Resources (5)

Url: https://github.com/mbuesch/letmein/security/advisories/GHSA-jpv7-p47h-f43j

Url: https://github.com/mbuesch/letmein

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-52570

Url: https://github.com/mbuesch/letmein/commit/43207cd77580410d97165d1e3c07361ba6f3558c

Url: https://www.mend.io/vulnerability-database/CVE-2025-52570

Severity Score

5.3

Weakness Type (CWE)

Allocation of Resources Without Limits or Throttling

CWE-770

Improper Control of Interaction Frequency

CWE-799

Top Fix

Upgrade Version

Upgrade to version letmeinfwd - 10.2.1;letmein - 10.2.1;https://github.com/mbuesch/letmein.git - letmein-10.2.1

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-52570

Good to know:

Date: June 23, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?