CVE-2025-32464 — Vulnetix

CVE-2025-32464 PUBLISHED

HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one.

EPSS 2.11% · 84.4th percentile

Risk Scores

EPSS Score

2.11%

84.4th percentile

Affected Products

Vendor	Product	Versions
Bitnami	haproxy	2.2.0, 3.0.0
Bitnami	haproxy	3.0.0, 2.2.0

Timeline

Apr 8, 2025 CVE Published
Apr 9, 2025 EPSS Score
Apr 9, 2025 PoC Published
Apr 22, 2025 EPSS Score
May 4, 2025 EPSS Score
May 4, 2025 Coalition ESS Score
May 14, 2025 PoC Published
May 17, 2025 EPSS Score
May 29, 2025 EPSS Score
Jun 5, 2025 CVE Updated
Jun 11, 2025 EPSS Score
Jun 24, 2025 EPSS Score

References

https://github.com/haproxy/haproxy/commit/3e3b9eebf871510aee36c3a3336faac2f38c9559 url
https://nvd.nist.gov/vuln/detail/CVE-2025-32464 url
https://lists.debian.org/debian-lts-announce/2025/04/msg00031.html url

Open in Interactive Console →