Vulnerability Description
Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, to achieve denial of service.
Related Weaknesses (CWE)
References
- https://libwebsockets.org/git/libwebsockets/commit?id=2f082ec31261f556969160143b
- https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-11677
FAQ
What is CVE-2025-11677?
CVE-2025-11677 is a documented vulnerability. Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that ha...
How severe is CVE-2025-11677?
CVSS scoring is not yet available for CVE-2025-11677. Check NVD for updates.
Is there a patch for CVE-2025-11677?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.