
CVE-2025-24947: Medium Vulnerability in LSQUIC

A hash collision vulnerability in LSQUIC before version 4.2.0 allows attackers to cause significant CPU load on the server. Organizations should prioritize remediation to prevent potential denial-of-service attacks.

MEDIUM · CVSS 5.3 · Published February 20, 2025


A hash collision vulnerability (in the hash table used to manage connections) in LSQUIC (aka LiteSpeed QUIC) before 4.2.0 allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs). This is caused by XXH32 usage.

The severity of this vulnerability is classified as medium with a CVSS score of 5.3. Organizations should consider the potential impact on server availability and performance. Although it does not directly compromise confidentiality or integrity, the availability impact is notable, making it important for defenders to address this vulnerability.

The risk to organizations is significant CPU load leading to denial-of-service conditions. Attackers may disrupt services by exploiting hash collisions in the table LSQUIC uses to manage connections.

Organizations should prioritize patching immediately. The vulnerability was published on February 20, 2025, and it is crucial to ensure that systems are updated to version 4.2.0 or later to mitigate the risk.

Vulnerability Details

The CVE-2025-24947 vulnerability is characterized as a hash collision vulnerability in LSQUIC. It allows for a denial-of-service condition by manipulating Source Connection IDs. The vulnerability has a CVSS score of 5.3, indicating medium severity.

The CWE classification for this vulnerability is CWE-407, which pertains to improper resource shutdown or release.

Technical Analysis

The root cause of this vulnerability lies in the improper handling of hash collisions within the LSQUIC implementation. Attackers can exploit this by initiating multiple connections with colliding SCIDs, leading to excessive CPU usage.

The attack vector is network-based, with low complexity and no privileges required for exploitation. User interaction is not necessary, which increases the risk profile.

The impact on availability is rated as low, but the potential for service disruption is significant. Organizations should monitor their systems for unusual CPU usage patterns as a detection strategy.
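
To make the CPU cost concrete, the following C program (an added example, not LSQUIC code and not part of the original advisory) builds a chained connection table keyed by SCID and counts the comparisons each insert performs. The byte-sum hash, the table size, the MAX_CHAIN threshold and the SCID values are assumptions constructed for illustration; XXH32 is not reproduced here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NBUCKETS  64   /* illustrative size, not LSQUIC's */
#define CID_LEN   8
#define MAX_CHAIN 8    /* hypothetical alert threshold */
struct conn { unsigned char scid[CID_LEN]; struct conn *next; };
struct table {
    struct conn *bucket[NBUCKETS];
    unsigned long probes;   /* SCID comparisons performed so far */
    unsigned deep_inserts;  /* inserts that walked more than MAX_CHAIN entries */
};
static unsigned toy_hash(const unsigned char *cid) {  /* byte sum, NOT XXH32 */
    unsigned h = 0;
    for (int i = 0; i < CID_LEN; i++) h += cid[i];
    return h;
}

/* The duplicate check walks the whole chain: the CPU cost of a crowded bucket. */
static int table_insert(struct table *t, const unsigned char *cid) {
    struct conn **head = &t->bucket[toy_hash(cid) % NBUCKETS], *n;
    unsigned depth = 0;
    for (struct conn *c = *head; c; c = c->next, depth++) {
        t->probes++;
        if (memcmp(c->scid, cid, CID_LEN) == 0) return 0;  /* already present */
    }
    if (depth > MAX_CHAIN) t->deep_inserts++;  /* the signal worth alerting on */
    if (!(n = malloc(sizeof *n))) return -1;
    memcpy(n->scid, cid, CID_LEN);
    n->next = *head; *head = n;
    return 1;
}

/* Constructed SCIDs, n <= 64: {i,255-i,0..} all sum to 255; {i,0..} all differ. */
static unsigned long insert_batch(struct table *t, unsigned n, int colliding) {
    memset(t, 0, sizeof *t);  /* demo only: earlier entries are not freed */
    for (unsigned i = 0; i < n; i++) {
        unsigned char cid[CID_LEN] = { (unsigned char)i, colliding ? (unsigned char)(255 - i) : 0 };
        table_insert(t, cid);
    }
    return t->probes;
}

int main(void) {
    struct table t;
    unsigned long spread = insert_batch(&t, 32, 0), hit = insert_batch(&t, 32, 1);
    printf("spread=%lu colliding=%lu deep=%u\n", spread, hit, t.deep_inserts);
}
```

With 32 SCIDs the spread batch needs 0 comparisons and the single-bucket batch needs 496; at 64 SCIDs the latter rises to 2016, which is the quadratic growth behind the CPU load. A per-insert chain-depth counter such as deep_inserts is a more direct signal than overall CPU usage.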

Risk & Impact Analysis

Real-world deployment of LSQUIC in production environments may expose organizations to this vulnerability, leading to service degradation. The blast radius potential is considerable, especially for services reliant on LSQUIC for managing connections.

The urgency of addressing this vulnerability is underscored by its CVSS score and the potential for denial-of-service conditions. Organizations should assess their exposure and prioritize remediation in their patch cycles.

Exploitation Status

Signal              Status
Known Exploit       No
Public PoC          No
Actively Exploited  No
Ransomware Use      No

Affected Versions

All LSQUIC versions before 4.2.0, the release containing the vendor patch, are affected by this vulnerability.

Mitigation & Remediation

To mitigate this vulnerability, organizations should upgrade to LSQUIC version 4.2.0 or later. Additionally, monitoring for unusual CPU usage can help in identifying potential exploitation.

If patching is not possible immediately, consider implementing rate limiting on connection attempts and reviewing connection management configurations.

Organizations can validate their remediation through penetration testing to identify any remaining weaknesses.

Detection Guidance

To detect potential exploitation of this vulnerability, organizations should monitor for log indicators that reveal unusual connection attempts or spikes in CPU usage. Behavioral anomalies associated with this vulnerability should also be documented.

Network signatures that indicate hash collision attempts can provide additional detection capabilities.

AppSecure Threat Intelligence Insight

The hash collision vulnerability in LSQUIC represents a significant risk for organizations utilizing this technology in their infrastructure. The potential for denial-of-service attacks through CPU exhaustion highlights the need for proactive security measures.

Security teams should stay informed about emerging vulnerabilities and consider using services such as red teaming as a service to simulate real-world attack scenarios.

Additionally, reviewing the security posture of applications reliant on LSQUIC and implementing best practices in connection management can further mitigate risks.

For in-depth guidance on vulnerability management strategies, organizations can refer to vulnerability management program design resources.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
