CVE-2025-62689_CVE-2025-62689

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Description

NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.

AI Analysis

NULL pointer dereference vulnerability in GNU libmicrohttpd that could cause a denial-of-service (DoS) condition

Basic Information

ID CVE-2025-62689

Source jpcert

Published Nov 10, 2025 at 04:10

Affected Product

Vendor GNU Project

Product GNU libbmicrohttpd

Version v1.0.2 and earlier (The vulnerability remains in the source code up until commit ff13abc on the master branch of the libmicrohttpd Git repository

Affected Versions GNU Project GNU libbmicrohttpd v1.0.2 and earlier (The vulnerability remains in the source code up until commit ff13abc on the master branch of the libmicrohttpd Git repository
GNU Project GNU libbmicrohttpd after the v1.0.2 tag.)

CWE Classification

CWE-122

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor GNU Project

Product GNU libmicrohttpd

Version v1.0.2 and earlier

References

{
    "lastseen": "",
    "description": "NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service (DoS) condition.",
    "published": "2025-11-10T04:10:57.970Z",
    "modified": "2025-11-10T04:10:57.970Z",
    "type": "cve",
    "title": "CVE-2025-62689",
    "source": "jpcert",
    "references": "https://www.gnu.org/software/libmicrohttpd/\nhttps://git.gnunet.org/libmicrohttpd.git/commit/?id=ff13abc1c1d7d2b30d69d5c0bd4a237e1801c50b\nhttps://jvn.jp/en/jp/JVN76719218/",
    "id": "CVE-2025-62689",
    "bulletinFamily": "",
    "cwe": [
        "CWE-122"
    ],
    "cvelist": null,
    "sourceData": "GNU Project GNU libbmicrohttpd v1.0.2 and earlier (The vulnerability remains in the source code up until commit ff13abc on the master branch of the libmicrohttpd Git repository\nGNU Project GNU libbmicrohttpd after the v1.0.2 tag.)",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "GNU libbmicrohttpd",
    "version": "v1.0.2 and earlier (The vulnerability remains in the source code up until commit ff13abc on the master branch of the libmicrohttpd Git repository",
    "vendor": "GNU Project",
    "ai_description": "NULL pointer dereference vulnerability in GNU libmicrohttpd that could cause a denial-of-service (DoS) condition",
    "ai_severity": "High",
    "ai_vendor": "GNU Project",
    "ai_product": "GNU libmicrohttpd",
    "ai_version": "v1.0.2 and earlier",
    "ai_score": 8.7
}