CVE-2025-54574 — CRITICAL (9.3)

Q: How severe is CVE-2025-54574?

CVE-2025-54574 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2025-54574?

Check the references section above for vendor advisories and patch information. Affected products include: Squid-Cache Squid.

Vulnerability Description

Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.

CVSS Score

9.3

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
Squid-Cache	Squid	< 6.4

Related Weaknesses (CWE)

CWE-122 CWE-787

References

FAQ

What is CVE-2025-54574?

CVE-2025-54574 is a vulnerability with a CVSS score of 9.3 (CRITICAL). Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer man...

How severe is CVE-2025-54574?

CVE-2025-54574 has been rated CRITICAL with a CVSS base score of 9.3/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2025-54574?

Check the references section above for vendor advisories and patch information. Affected products include: Squid-Cache Squid.