Is CVE-2025-54574 actively exploited?

CVE-2025-54574 has no public evidence of in-the-wild exploitation as of 2025-11-05.

What is the CVSS score for CVE-2025-54574?

CVE-2025-54574 has a CVSS score of 9.3 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H.

How do I patch CVE-2025-54574?

Patch guidance is available from squid-cache security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2025-54574.

Fix CVE-2025-54574 - CRITICAL squid-cache squid

Description

Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: changed
Confidentiality: none
Integrity: low
Availability: high
Weaknesses: CWE-122 CWE-787 · Out-of-bounds Write

Metadata

Primary Vendor: SQUID-CACHE
Published: 8/1/2025
Last Modified: 11/5/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

squid-cache : squid

Remediation Guidance

Executive Summary

Cite this page

CVE-2025-54574. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2025-54574

View on NIST NVD

CVE-2025-54574 vulnerability