Unrated severityNVD Advisory· Published Aug 1, 2025· Updated Nov 5, 2025

Squid's URN Handling can lead to Buffer Overflow

CVE-2025-54574

Description

Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.

Affected products

Squidex/Squidexllm-fuzzy
Range: <=6.3
Squid Cache/Squidv5
Range: < 6.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988mitrex_refsource_MISC
github.com/squid-cache/squid/releases/tag/SQUID_6_4mitrex_refsource_MISC
github.com/squid-cache/squid/security/advisories/GHSA-w4gv-vw3f-29g3mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000