Is CVE-2024-25111 actively exploited?

CVE-2024-25111 has no public evidence of in-the-wild exploitation as of 2025-11-03.

What is the CVSS score for CVE-2024-25111?

CVE-2024-25111 has a CVSS score of 8.6 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H.

How do I patch CVE-2024-25111?

Patch guidance is available from squid-cache security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2024-25111.

Fix CVE-2024-25111 - HIGH squid-cache squid

Q: Which products are affected by CVE-2024-25111?

4 products: squid-cache squid, fedoraproject fedora, fedoraproject fedora, netapp bluexp.

Description

Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: changed
Confidentiality: none
Integrity: none
Availability: high
Weaknesses: CWE-674 CWE-674

Metadata

Primary Vendor: SQUID-CACHE
Published: 3/6/2024
Last Modified: 11/3/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

squid-cache : squidfedoraproject : fedorafedoraproject : fedoranetapp : bluexp

Remediation Guidance

Executive Summary

Cite this page

CVE-2024-25111. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2024-25111

View on NIST NVD

CVE-2024-25111 vulnerability