CNNVD-202509-4317 Information

CNNVD ID

CNNVD-202509-4317

CVE-2025-9648

  • CNNVD Published: 2025-09-29

Description (Chinese)

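CivetWeb is an easy-to-use, powerful, embeddable C/C++ web server from the open-source Civetweb project, with optional CGI, SSL and Lua support. CivetWeb contains a security vulnerability: the mg_handle_form_request function enters an infinite loop when parsing a specially crafted HTTP POST request containing null bytes, which may lead to a denial-of-service attack.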

Description (English)

CivetWeb is an easy-to-use, powerful, embeddable C/C++ web server, open-sourced by Civetweb, with optional CGI, SSL and Lua support. CivetWeb has a security vulnerability that stems from the mg_handle_form_request function entering an infinite loop while parsing a specially crafted HTTP POST request that contains null bytes, which may lead to denial of service.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Civetweb

Published

2025-09-29

Last Modified

2026-02-24

References

  • https://cert.pl/en/posts/2025/09/CVE-2025-9648
  • https://github.com/civetweb/civetweb/issues/1348
  • https://github.com/civetweb/civetweb/commit/782e18903515f43bafbf2e668994e82bdfa51133
  • https://access.redhat.com/security/cve/cve-2025-9648
  • https://vigilance.fr/vulnerability/CivetWeb-overload-via-mg-handle-form-request-48408
