What is CVE-2025-5399?

A high-severity vulnerability in haxx curl could lead to denial of service through an endless loop caused by a malicious WebSocket packet. Organizations using affected versions should prioritize remediation to mitigate potential impacts.

What is the severity of CVE-2025-5399?

CVE-2025-5399 has a severity rating of HIGH with a CVSS base score of 7.5.

CVE-2025-5399 | High Vulnerability in haxx curl

CVE-2025-5399 is a high-severity vulnerability affecting haxx curl. This vulnerability allows a malicious server to send a specially crafted packet that traps libcurl in an endless busy-loop. The impact of this vulnerability is significant, as the only way for applications to escape this loop is by terminating the thread or process, leading to a denial of service (DoS) for libcurl-using applications.

The CVSS score for this vulnerability is 7.5, indicating a high severity level. This means organizations are at a heightened risk, especially those that utilize libcurl in their applications. As there is no public exploit currently available, organizations should still be proactive in addressing this vulnerability.

Organizations should prioritize patching immediately. The potential for denial of service against applications relying on curl makes it critical for defenders to address this vulnerability in their security posture.

The vulnerability has been analyzed and confirmed, and it is categorized under CWE-835. Security teams should take this into consideration when evaluating their risk exposure and mitigation strategies.

With the publication date of June 7, 2025, organizations using affected versions of curl should assess their deployment and apply the necessary updates.

Vulnerability Details

The vulnerability arises from a mistake in libcurl's WebSocket code. A malicious server can exploit this by sending a crafted packet, resulting in an endless busy-loop scenario. There is no escape for the application other than killing the process. This vulnerability affects curl, specifically versions from 8.13.0 to 8.14.0.

The CVSS vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating that the attack vector is network-based, the attack complexity is low, and no privileges or user interaction are required. The availability impact is high, emphasizing the severity of the potential denial of service.

Technical Analysis

The root cause of this vulnerability is a flaw in libcurl's WebSocket implementation, allowing an attacker to send a malformed packet that causes the library to enter an endless loop. The attack vector is network-based, requiring no local access or user interaction. The complexity of the attack is low, making it easier for attackers to exploit this vulnerability. Since the application cannot escape the loop without terminating the process, it poses a significant risk to availability.

Risk & Impact Analysis

Risk to organizations includes potential denial of service, which can disrupt operations of applications relying on libcurl. The blast radius of this vulnerability can affect any service that utilizes the affected versions of curl. Given the high CVSS score and the exploitability of this vulnerability, organizations should assess their deployment of libcurl and prioritize remediation.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

Affected versions of curl include all versions from 8.13.0 up to (but not including) 8.14.1. Organizations should ensure they are not using these versions to prevent exposure to the vulnerability.

Mitigation & Remediation

Organizations should prioritize remediation by upgrading to a patched version of curl. If an immediate patch is not available, consider implementing network controls to restrict access to potentially malicious servers. Regular monitoring for unusual behavior can also help mitigate risks associated with this vulnerability.

Detection Guidance

Monitoring for abnormal application behavior and logging indicators related to WebSocket connections can assist in detecting potential exploitation attempts. Security teams should also look for signs of denial of service incidents and abnormal resource usage.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2025-5399 highlights the need for continuous security assessments in software dependencies. Organizations must remain vigilant and regularly update their libraries to mitigate emerging vulnerabilities. For further insights on proactive security measures, security teams can benefit from our penetration testing services, which ensure that potential vulnerabilities are identified and mitigated before exploitation occurs.

Organizations are encouraged to design a robust vulnerability management program that encompasses regular updates and security assessments to stay ahead of potential threats.

In addition, understanding the trends in vulnerability exposure can significantly enhance organizational resilience. Our insights on vulnerability exposure can guide security teams in prioritizing their efforts effectively.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-5399: High Vulnerability in haxx curl