CVE-2025-4821

HIGH EPSS 49.4%
Published Jun 18, 20251y ago · Modified Jun 17, 20261w ago
7.5 CVSS 3.1
High
Find Similar
Published Jun 18, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating a congestion-controlled data transfer towards itself. Then, it could manipulate the victim's congestion control state by sending ACK frames covering a large range of packet numbers (including packet numbers that had never been sent); see RFC 9000 Section 19.3. The victim could grow the congestion window beyond typical expectations and allow more bytes in flight than the path might really support. In extreme cases, the window might grow beyond the limit of the internal variable's type, leading to an overflow panic. Patches quiche 0.24.4 is the earliest version containing the fix for this issue.

CVSS Details

Base Score
7.5
Exploitability
3.9
Impact
3.6
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
49.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-770

Affected Products 1

VendorProductVersionRange
cloudflarequiche* <0.24.4

References 1

  • github.com https://github.com/cloudflare/quiche/security/advisories/GHSA-6m38-4r9r-5c4m
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.