CVE-2025-4444

MEDIUM EPSS 35.0%

Published Sep 18, 20259mo ago · Modified Jun 17, 20261w ago

6.3 CVSS 4.0

Medium

Published Sep 18, 2025 9mo ago

Last Modified Jun 17, 2026 1w ago

Description

A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered difficult. Upgrading to version 0.4.8.18 and 0.4.9.3-alpha is recommended to address this issue. It is recommended to upgrade the affected component.

CVSS Details

Base Score

6.3

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity High

Privileges Required None

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

35.0% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 2

CWE-400 Uncontrolled Resource Consumption Resource Mgmt

CWE-404

References 6

forum.torproject.org https://forum.torproject.org/t/alpha-and-stable-release-0-4-8-18-and-0-4-9-3-alpha/20578
github.com https://github.com/chunmianwang/Tordos
gitlab.torproject.org https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes
vuldb.com https://vuldb.com/?ctiid.324814
vuldb.com https://vuldb.com/?id.324814
vuldb.com https://vuldb.com/?submit.640605

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.