exploitDog

CVE-2025-51495

Опубликовано: 29 сент. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the issue may lead to a buffer overflow.

Ссылки

https://github.com/cainiao159357/CVE-2025-51495
Exploit
https://github.com/cesanta/mongoose
Product
https://github.com/cesanta/mongoose/pull/3131
Issue Tracking
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cesanta:mongoose:*:*:*:*:*:*:*:*

Версия от 7.5 (включая) до 7.17 (включая)

EPSS

Процентиль: 50%

0.00263

Низкий

7.5 High

CVSS3

Дефекты

CWE-190

Связанные уязвимости

CVE-2025-51495

CVSS3: 7.5

redhat

6 месяцев назад

An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the issue may lead to a buffer overflow.

GHSA-83rc-g55p-8xj2

CVSS3: 7.5

github

6 месяцев назад

An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the issue may lead to a buffer overflow.

EPSS

Процентиль: 50%

0.00263

Низкий

7.5 High

CVSS3

Дефекты

CWE-190