CVE-2025-54574 · CRITICAL 9.8 · EPSS p97.5%

Description

Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 23.46% probability of exploitation · percentile 97.5% · 2026-06-18T12:00:27Z
Published: 2025-08-01
Last modified: 2025-11-05

Underlying weaknesses · 2

CWE-122, CWE-787

References

  1. https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988
  2. https://github.com/squid-cache/squid/releases/tag/SQUID_6_4
  3. https://github.com/squid-cache/squid/security/advisories/GHSA-w4gv-vw3f-29g3
  4. http://www.openwall.com/lists/oss-security/2025/11/05/5
  5. https://lists.debian.org/debian-lts-announce/2025/09/msg00027.html

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Heap-based Buffer Overflow (cwe-122) | 0% | live |
| Weakness | Out-of-bounds Write (cwe-787) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2026-34355
  2. CVE-2025-34468
  3. CVE-2025-1744
  4. CVE-2025-1864
  5. CVE-2025-34523
  6. CVE-2025-34522

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.