Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-33515

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-26 Mar, 2026 | 00:13
Updated At-26 Mar, 2026 | 14:19
Rejected At-
Credits

Squid has issues in ICP message handling

Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding with errors to invalid ICP requests. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem cannot be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:26 Mar, 2026 | 00:13
Updated At:26 Mar, 2026 | 14:19
Rejected At:
▼CVE Numbering Authority (CNA)
Squid has issues in ICP message handling

Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding with errors to invalid ICP requests. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem cannot be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.

Affected Products
Vendor
Squid Cachesquid-cache
Product
squid
Versions
Affected
  • < 7.5
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125: Out-of-bounds Read
CWECWE-1289CWE-1289: Improper Validation of Unsafe Equivalence in Input
Type: CWE
CWE ID: CWE-125
Description: CWE-125: Out-of-bounds Read
Type: CWE
CWE ID: CWE-1289
Description: CWE-1289: Improper Validation of Unsafe Equivalence in Input
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/squid-cache/squid/security/advisories/GHSA-84p4-hcx7-jj7c
x_refsource_CONFIRM
https://github.com/squid-cache/squid/pull/2220
x_refsource_MISC
https://github.com/squid-cache/squid/pull/2220#discussion_r2727683637
x_refsource_MISC
https://github.com/squid-cache/squid/commit/8138e909d2058d4401e0ad49b583afaec912b165
x_refsource_MISC
Hyperlink: https://github.com/squid-cache/squid/security/advisories/GHSA-84p4-hcx7-jj7c
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/squid-cache/squid/pull/2220
Resource:
x_refsource_MISC
Hyperlink: https://github.com/squid-cache/squid/pull/2220#discussion_r2727683637
Resource:
x_refsource_MISC
Hyperlink: https://github.com/squid-cache/squid/commit/8138e909d2058d4401e0ad49b583afaec912b165
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.openwall.com/lists/oss-security/2026/03/25/4
N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2026/03/25/4
Resource: N/A
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:26 Mar, 2026 | 01:16
Updated At:31 Mar, 2026 | 01:22

Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP traffic. This problem allows a remote attacker to receive small amounts of memory potentially containing sensitive information when responding with errors to invalid ICP requests. This attack is limited to Squid deployments that explicitly enable ICP support (i.e. configure non-zero `icp_port`). This problem cannot be mitigated by denying ICP queries using `icp_access` rules. Version 7.5 contains a patch.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CPE Matches
Squid Cache
squid-cache
>>squid>>Versions before 7.5(exclusive)
cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-125Primarysecurity-advisories@github.com
CWE-1289Primarysecurity-advisories@github.com
CWE ID: CWE-125
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-1289
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/squid-cache/squid/commit/8138e909d2058d4401e0ad49b583afaec912b165security-advisories@github.com
Patch
https://github.com/squid-cache/squid/pull/2220security-advisories@github.com
Issue Tracking
https://github.com/squid-cache/squid/pull/2220#discussion_r2727683637security-advisories@github.com
Issue Tracking
https://github.com/squid-cache/squid/security/advisories/GHSA-84p4-hcx7-jj7csecurity-advisories@github.com
Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/03/25/4af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Mailing List
Hyperlink: https://github.com/squid-cache/squid/commit/8138e909d2058d4401e0ad49b583afaec912b165
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/squid-cache/squid/pull/2220
Source: security-advisories@github.com
Resource:
Issue Tracking
Hyperlink: https://github.com/squid-cache/squid/pull/2220#discussion_r2727683637
Source: security-advisories@github.com
Resource:
Issue Tracking
Hyperlink: https://github.com/squid-cache/squid/security/advisories/GHSA-84p4-hcx7-jj7c
Source: security-advisories@github.com
Resource:
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2026/03/25/4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Mailing List

Change History

0
Information is not available yet

Similar CVEs

13Records found
CVE-2023-46724
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-0.45% / 63.56%
||
7 Day CHG~0.00%
Published-01 Nov, 2023 | 19:09
Updated-13 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQUID-2023:4 Denial of Service in SSL Certificate validation

Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.

Action-Not Available
Vendor-Squid Cache
Product-squidsquid
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-1285
Improper Validation of Specified Index, Position, or Offset in Input
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-295
Improper Certificate Validation
CWE ID-CWE-786
Access of Memory Location Before Start of Buffer
CWE ID-CWE-823
Use of Out-of-range Pointer Offset
CVE-2023-49285
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-8.6||HIGH
EPSS-9.62% / 92.91%
||
7 Day CHG~0.00%
Published-04 Dec, 2023 | 22:56
Updated-13 Feb, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in HTTP Message Processing in Squid

Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Buffer Overread bug Squid is vulnerable to a Denial of Service attack against Squid HTTP Message processing. This bug is fixed by Squid version 6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-Squid Cache
Product-squidsquid
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-28116
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.7||LOW
EPSS-10.51% / 93.29%
||
7 Day CHG~0.00%
Published-09 Mar, 2021 | 21:44
Updated-03 Aug, 2024 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody.

Action-Not Available
Vendor-n/aSquid CacheDebian GNU/LinuxFedora Project
Product-squiddebian_linuxfedoran/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-12529
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-15.96% / 94.79%
||
7 Day CHG~0.00%
Published-11 Jul, 2019 | 18:33
Updated-04 Aug, 2024 | 23:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Squid 2.x through 2.7.STABLE9, 3.x through 3.5.28, and 4.x through 4.7. When Squid is configured to use Basic Authentication, the Proxy-Authorization header is parsed via uudecode. uudecode determines how many bytes will be decoded by iterating over the input and checking its table. The length is then used to start decoding the string. There are no checks to ensure that the length it calculates isn't greater than the input buffer. This leads to adjacent memory being decoded as well. An attacker would not be able to retrieve the decoded data unless the Squid maintainer had configured the display of usernames on error pages.

Action-Not Available
Vendor-n/aopenSUSESquid CacheCanonical Ltd.Debian GNU/LinuxFedora Project
Product-ubuntu_linuxdebian_linuxsquidfedoraleapn/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-32100
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 12.47%
||
7 Day CHG~0.00%
Published-02 Sep, 2025 | 00:00
Updated-05 Sep, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. A programming mistake for buffer copy leads to out-of-bounds writes via malformed ROHC packets.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_w1000exynos_1080exynos_2400_firmwaremodem_5123_firmwaremodem_5400_firmwareexynos_850exynos_990exynos_1580exynos_2400exynos_1380exynos_1330modem_5123exynos_980_firmwareexynos_2100exynos_9110_firmwaremodem_5400exynos_w1000_firmwareexynos_850_firmwareexynos_1330_firmwareexynos_990_firmwareexynos_1380_firmwareexynos_w930exynos_w920_firmwareexynos_9110exynos_1480_firmwareexynos_1280exynos_1480exynos_1080_firmwareexynos_2100_firmwareexynos_980exynos_1580_firmwaremodem_5300exynos_2200_firmwareexynos_1280_firmwareexynos_2200exynos_w920exynos_w930_firmwaremodem_5300_firmwaren/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-0016
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 33.42%
||
7 Day CHG~0.00%
Published-16 Feb, 2024 | 19:33
Updated-16 Dec, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In multiple locations, there is a possible out of bounds read due to a missing bounds check. This could lead to paired device information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-androidAndroid
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-11207
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.75%
||
7 Day CHG~0.00%
Published-06 Nov, 2025 | 22:08
Updated-13 Nov, 2025 | 15:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Linux Kernel Organization, IncApple Inc.Google LLCMicrosoft Corporation
Product-chromewindowsmacoslinux_kernelChrome
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-1300
Improper Protection of Physical Side Channels
CVE-2025-0437
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 19.79%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 10:58
Updated-03 Feb, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-56427
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 52.83%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 00:00
Updated-01 Jul, 2025 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds access via malformed RRC packets to the target.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1380_firmwareexynos_1480_firmwareexynos_modem_5400exynos_modem_5123_firmwareexynos_2200exynos_w920_firmwareexynos_2400exynos_modem_5300exynos_1330_firmwareexynos_990exynos_850_firmwareexynos_w930_firmwareexynos_980exynos_1280exynos_990_firmwareexynos_9110_firmwareexynos_1080_firmwareexynos_w1000_firmwareexynos_1380exynos_9110exynos_2400_firmwareexynos_850exynos_1080exynos_w930exynos_2100exynos_1280_firmwareexynos_1330exynos_980_firmwareexynos_2200_firmwareexynos_modem_5123exynos_w920exynos_modem_5400_firmwareexynos_2100_firmwareexynos_1480exynos_modem_5300_firmwareexynos_w1000n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-49197
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 52.83%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 00:00
Updated-29 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Wi-Fi in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, W920, W930, and W1000. Lack of a boundary check in STOP_KEEP_ALIVE_OFFLOAD leads to out-of-bounds access.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-1669
Matching Score-4
Assigner-Chrome
ShareView Details
Matching Score-4
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-0.34% / 56.93%
||
7 Day CHG~0.00%
Published-21 Feb, 2024 | 03:14
Updated-13 Feb, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-2784
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7||HIGH
EPSS-2.15% / 84.31%
||
7 Day CHG~0.00%
Published-03 Apr, 2025 | 01:40
Updated-18 Nov, 2025 | 09:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content

A flaw was found in libsoup. The package is vulnerable to a heap buffer over-read when sniffing content via the skip_insight_whitespace() function. Libsoup clients may read one byte out-of-bounds in response to a crafted HTTP response by an HTTP server.

Action-Not Available
Vendor-Red Hat, Inc.The GNOME Project
Product-enterprise_linux_server_auscodeready_linux_builder_for_power_little_endianenterprise_linux_for_power_little_endianenterprise_linux_servercodeready_linux_builder_for_ibm_z_systemsenterprise_linux_for_power_little_endian_eusenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionslibsoupcodeready_linux_buildercodeready_linux_builder_for_arm64enterprise_linux_update_services_for_sap_solutionsenterprise_linux_for_ibm_z_systemscodeready_linux_builder_for_power_little_endian_eusenterprise_linux_eusenterprise_linux_for_arm_64_eusenterprise_linux_for_ibm_z_systems_eusenterprise_linuxenterprise_linux_server_tuscodeready_linux_builder_for_arm64_eusenterprise_linux_for_arm_64codeready_linux_builder_for_ibm_z_systems_eusRed Hat Enterprise Linux 10Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 8Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.2 Advanced Update Support
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-63523
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 13.85%
||
7 Day CHG-0.02%
Published-01 Dec, 2025 | 00:00
Updated-02 Dec, 2025 | 03:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FeehiCMS version 2.1.1 fails to enforce server-side immutability for parameters that are presented to clients as "read-only." An authenticated attacker can intercept and modify the parameter in transit and the backend accepts the changes. This can lead to unintended username changes.

Action-Not Available
Vendor-feehin/a
Product-feehicmsn/a
CWE ID-CWE-125
Out-of-bounds Read
Details not found