What is CVE-2025-26819?

A high-severity vulnerability in Monero allows attackers to exploit unregulated HTTP server connections. Immediate patching is critical to mitigate availability risks.

What is the severity of CVE-2025-26819?

CVE-2025-26819 has a severity rating of HIGH with a CVSS base score of 8.6.

CVE-2025-26819 | High Vulnerability in getmonero Monero

CVE-2025-26819 is a high-severity vulnerability affecting Monero through version 0.18.3.4. This vulnerability allows attackers to exploit the lack of response limits on HTTP server connections, potentially leading to denial of service.

The vulnerability has a CVSS score of 8.6, categorized as high severity. Organizations should prioritize patching immediately.

Risk to organizations includes significant availability impacts, as attackers may leverage this vulnerability to disrupt service.

As of now, there is no confirmed public exploit, and it has not been included in the Known Exploited Vulnerabilities (KEV) catalog. However, the potential impact necessitates immediate attention.

Organizations should address this vulnerability in their priority patch cycle to mitigate risks effectively.

Vulnerability Details

The vulnerability is characterized by the absence of response limits on HTTP server connections in Monero versions prior to ec74ff4. The official CVE description notes that it affects all versions up to 0.18.3.4.

The CVSS score of 8.6 indicates a high severity level, primarily due to the availability impact being rated as high. This means that while confidentiality and integrity are not impacted, the availability of the service can be compromised.

The vulnerability was published on February 15, 2025, and has been classified under CWE-770 - Allocation of Resources Without Limits or Throttling.

Technical Analysis

The root cause of this vulnerability lies in the inadequate response limit management in the HTTP server implementation of Monero. Attackers may exploit this weakness through network access, with low complexity and no required privileges or user interaction.

The attack vector is network-based, allowing adversaries to send requests to the server without requiring any special access rights. The low attack complexity further increases the risk, as it does not necessitate sophisticated techniques.

In terms of impacts, the confidentiality and integrity are rated as none, but the availability impact is rated high, indicating that the service may become unavailable due to the exploitation of this vulnerability.

Risk & Impact Analysis

The real-world deployment risk associated with this vulnerability is significant due to the potential denial of service. Organizations using Monero should consider the blast radius, as the exploitation could lead to substantial service interruptions.

Given the CVSS score and the current status of non-exploitation, organizations should prioritize patching immediately to ensure the continued availability of their services.

The urgency assessment highlights a need for immediate attention to this vulnerability to prevent potential service disruptions.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

All versions of Monero prior to ec74ff4 are affected, specifically up to version 0.18.3.4.

Mitigation & Remediation

To mitigate this vulnerability, organizations should promptly apply the patch provided in commit ec74ff4. Ensure that the Monero version is upgraded to at least 0.18.3.5.

In addition to patching, organizations should consider implementing response limits on HTTP server connections as a best practice.

Continuous monitoring and security testing should be part of the security program to ensure that such vulnerabilities do not reappear in the future. Consider utilizing continuous penetration testing to validate the effectiveness of mitigations.

Detection Guidance

Organizations should monitor logs for unusual patterns or spikes in HTTP connections that may indicate exploitation attempts.

Look for behavioral anomalies in application performance that might suggest denial of service attacks.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2025-26819 lies in the trend of vulnerabilities that compromise service availability. As organizations increasingly rely on online services, the risk of downtime due to such vulnerabilities becomes critical.

This vulnerability serves as a reminder for security teams to implement robust security practices and prioritize regular security assessments to identify and address potential weaknesses.

For further reading on security best practices, visit our blog on security testing best practices. Additionally, consider exploring our penetration testing methodology to enhance your security posture.

Lastly, for organizations utilizing Monero, regular updates and vulnerability assessments are essential to maintain security and service availability.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-26819: High Vulnerability in getmonero Monero