CVE-2025-11677
PUBLISHED
CVSS 6.3 MEDIUM
Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE, to achieve denial of service.
EPSS 0.08% · 22.7th percentile
Risk Scores
CVSS 4.0
6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS Score
0.08%
22.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| warmcat | libwebsockets | 3 |
Exploit Intelligence
- CIRCL seen: CVE-2025-11677 (circl-sighting)
- https://libwebsockets.org/git/libwebsockets/commit?id=2f082ec31261f556969160143ba94875d783971a (circl)
- https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-11677 (circl)
- data.yaml (github-poc)
Timeline
- Oct 13, 2025 CVE ID Reserved
- Oct 20, 2025 Coalition ESS Score
- Oct 20, 2025 CVE Published
- Oct 21, 2025 EPSS Score
- Oct 24, 2025 CVE Updated
- Oct 27, 2025 EPSS Score
- Nov 2, 2025 EPSS Score
- Nov 2, 2025 PoC Published
- Nov 8, 2025 EPSS Score
- Nov 10, 2025 PoC Published
- Nov 14, 2025 EPSS Score
- Nov 17, 2025 Coalition ESS Score