CVE-2025-24946

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Feb 20, 2025

CWE ID 407

Summary

CVE-2025-24946 is a vulnerability affecting the hash table used in the picoquic connection management before commit b80fd3f. This issue results in a Hash Denial of Service (DoS) attack, where remote attackers can generate a substantial CPU load on the server. They accomplish this by exploiting the weak hash function used in the table and initiating connections with similar Source Connection IDs (SCIDs), causing a collision and significant processing requirements on the server side.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/25ApzN
https://www.cve.org/CVERecord?id=CVE-2025-24946
https://nvd.nist.gov/vuln/detail/CVE-2025-24946

Back to Vulnerability Database

CVE-2025-24946

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations