
CVE-2025-23016

CRITICAL
Published 2025-01-10T00:00:00.000Z

CVSS Score

V3.1: 9.3/10
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2023.03.01: 0.000 probability of exploitation in the wild

There is a 0.0% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-01-25
Exploit Probability
Percentile: 0.114
Higher than 11.4% of all CVEs

Attack Vector Metrics

Attack Vector: Not Available
Attack Complexity: Not Available
Privileges Required: Not Available
User Interaction: Not Available
Scope: Not Available

Impact Metrics

Confidentiality: Not Available
Integrity: Not Available
Availability: Not Available

Description

FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.

Available Exploits

No exploits available for this CVE.

Related News

CVE-2025-23016: Critical FastCGI Heap Overflow Threatens Embedded Devices, PoC Releases

Security researcher Baptiste Mayaud from Synacktiv has detailed a critical vulnerability in the FastCGI library, tracked as CVE-2025-23016.

SecurityOnline.info 2025-04-28 00:26
(2025.04.25) (various)

fastcgi CVE-2025-23016: Integer & buffer overflow in fastcgi (oss-sec ML, 2025.04.23) fastcgi 2.4.5. Perl CVE-2024-56406: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transli…

Ryukoku.ac.jp 2025-04-24 15:00

Affected Products

Affected Versions:

References

Published: 2025-01-10T00:00:00.000Z
Last Modified: 2025-04-24T15:01:53.855Z