Home > Vulnerability Database > CVE-2025-54574

Mend.io Vulnerability Database

CVE-2025-54574

Good to know:

Date: August 1, 2025

Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.

Severity Score

9.3

Related Resources (6)

Url: https://github.com/squid-cache/squid/security/advisories/GHSA-w4gv-vw3f-29g3

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-54574

Url: https://security-tracker.debian.org/tracker/CVE-2025-54574

Url: https://github.com/squid-cache/squid/releases/tag/SQUID_6_4

Url: https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988

Url: https://www.mend.io/vulnerability-database/CVE-2025-54574

Severity Score

9.3

Weakness Type (CWE)

Out-of-bounds Write

CWE-787

Heap-based Buffer Overflow

CWE-122

Top Fix

Upgrade Version

Upgrade to version https://github.com/squid-cache/squid.git - SQUID_6_4

Learn More

CVSS v3.1

Base Score:	9.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-54574

Good to know:

Date: August 1, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?