CVE-2025-54574
Public on 2025-08-01
Modified on 2025-08-27
Description
Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | squid | No Fix Planned | ||
| Amazon Linux 2 - Core | squid | Pending Fix | ||
| Amazon Linux 2023 | squid | 2024-04-02 | ALAS2023-2024-578 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 6.8 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N |
| NVD | CVSSv3 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |