CVE-2025-54574
Squid's URN Handling can lead to Buffer Overflow
In short
Squid, a web caching proxy, has a critical flaw in how it handles URN requests that can cause a heap buffer overflow, potentially allowing attackers to execute malicious code remotely on vulnerable systems.
Technical detail
A heap buffer overflow exists in Squid versions ≤6.3 during URN processing due to improper buffer management. Remote attackers can trigger this vulnerability by sending specially crafted URN requests, potentially achieving remote code execution without authentication. The vulnerability is fixed in version 6.4.
Summary generated and translated by AI from the official description.
Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.
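The workaround above, as an added audit helper that is not part of this advisory or of Squid itself: it checks whether a reported Squid version falls in the affected range (6.3 and older) and whether a squid.conf already denies the URN protocol ACL. It assumes the "X.Y" or "X.Y.Z" version format that `squid -v` prints and the `acl <name> proto URN` / `http_access deny <name>` directive form of the workaround.

```shell
#!/bin/sh
# Added audit helper for CVE-2025-54574; not from the advisory or the Squid project.
# Assumed: Squid version strings look like "X.Y" or "X.Y.Z" (as in "squid -v"),
# and the workaround is written with the squid.conf directives
#   acl <name> proto URN
#   http_access deny <name>

# squid_affected VERSION: succeeds (0) if VERSION is 6.3 or older, fails (1) otherwise.
squid_affected() {
    major=${1%%.*}
    case $1 in
        *.*) minor=${1#*.}; minor=${minor%%.*} ;;
        *)   minor=0 ;;
    esac
    # Compare numerically: a string compare would wrongly rank "6.10" below "6.4".
    if [ "$major" -lt 6 ]; then return 0; fi
    if [ "$major" -eq 6 ] && [ "$minor" -le 3 ]; then return 0; fi
    return 1
}

# urn_denied CONFIG: succeeds if CONFIG declares a "proto URN" ACL and denies it
# with http_access, i.e. the workaround is in place. Comments are stripped first.
urn_denied() {
    cfg=$(sed 's/#.*//' "$1")
    names=$(printf '%s\n' "$cfg" | awk '$1=="acl" && $3=="proto" && $4=="URN" {print $2}')
    for n in $names; do
        if printf '%s\n' "$cfg" | awk -v n="$n" \
            '$1=="http_access" && $2=="deny" && $3==n {found=1} END {exit !found}'; then
            return 0
        fi
    done
    return 1
}

# squid_status VERSION CONFIG: prints one line summarising exposure.
squid_status() {
    if ! squid_affected "$1"; then
        echo "squid $1: not affected (fixed in 6.4)"
    elif urn_denied "$2"; then
        echo "squid $1: affected, URN access denied (workaround applied) - upgrade to 6.4"
    else
        echo "squid $1: affected, URN access NOT denied - upgrade or deny URN now"
    fi
}
```

Typical use on a host: `squid_status "$(squid -v | head -1 | awk '{print $4}')" /etc/squid/squid.conf`.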
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H
Affected products
squid-cache · squid
Public PoCs found: 2
github.com/gmh5225/Blackash-CVE-2025-54574 (★ 0)
github.com/starrynightsecurity/CVE-2025-54574-Squid-Heap-Buffer-Overflow (★ 0)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988
https://github.com/squid-cache/squid/releases/tag/SQUID_6_4
https://github.com/squid-cache/squid/security/advisories/GHSA-w4gv-vw3f-29g3
https://lists.debian.org/debian-lts-announce/2025/09/msg00027.html
http://www.openwall.com/lists/oss-security/2025/11/05/5