CVE-2025-54574

critical

Description

Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.

References

https://securityonline.info/critical-squid-vulnerability-cve-2025-54574-allows-remote-code-execution-data-leakage/

https://github.com/squid-cache/squid/security/advisories/GHSA-w4gv-vw3f-29g3

https://github.com/squid-cache/squid/releases/tag/SQUID_6_4

https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988

Details

Source: Mitre, NVD

Published: 2025-08-01

Updated: 2025-08-26

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00927