CVE-2025-59353 — HIGH (7.5)

Q: How severe is CVE-2025-59353?

CVE-2025-59353 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-59353?

Check the references section above for vendor advisories and patch information. Affected products include: Linuxfoundation Dragonfly.

Vulnerability Description

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, a peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager’s Certificate gRPC service does not validate if the requested IP addresses “belong to” the peer requesting the certificate—that is, if the peer connects from the same IP address as the one provided in the certificate request. This vulnerability is fixed in 2.1.0.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Linuxfoundation	Dragonfly	< 2.1.0

Related Weaknesses (CWE)

CWE-295 CWE-862

References

FAQ

What is CVE-2025-59353?

CVE-2025-59353 is a vulnerability with a CVSS score of 7.5 (HIGH). Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, a peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the m...

How severe is CVE-2025-59353?

CVE-2025-59353 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-59353?

Check the references section above for vendor advisories and patch information. Affected products include: Linuxfoundation Dragonfly.