Warning: Critical Vulnerability in Squid Web Proxy Cache, Patch Immediately!

Published: 05/08/2025
  • Last update: 05/08/2025
  • Affected software:
    → Squid Web Proxy Cache prior to v6.4
  • Type: Heap-based Buffer Overflow
  • CVE/CVSS
    → CVE-2025-54574: CVSS 9.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H)

Sources

https://github.com/squid-cache/squid/security/advisories/GHSA-w4gv-vw3f-29g3

Risks

A critical heap buffer overflow vulnerability has been discovered in Squid Web Proxy Cache, a widely used caching proxy for the Web. This vulnerability, tracked as CVE-2025-54574, affects all Squid versions prior to 6.4 and allows remote attackers to execute code or cause major service disruptions without authentication or user interaction.

The vulnerability poses a significant risk. It can be exploited over the network with low complexity, potentially leading to remote code execution or the exposure of memory, which may include security credentials or other sensitive data. Because no privileges or user interaction are required, and the scope is changed, the vulnerability is highly attractive to malicious actors.

While there is no public indication that this vulnerability is currently being exploited in the wild, taking immediate steps to patch or mitigate this vulnerability is critical to maintaining the security and availability of your proxy infrastructure.

Description

CVE-2025-54574: Squid Web Proxy Cache (Critical)
This vulnerability is caused by incorrect buffer management in how Squid handles URN (Uniform Resource Name) protocols. Specifically, when Squid processes URN Trivial-HTTP responses, it is vulnerable to a heap-based buffer overflow, which can be triggered by a remote server.

Attackers can exploit this flaw to overwrite parts of heap memory, potentially leading to remote code execution on the affected system or leakage of sensitive data such as authentication credentials. The bug affects the following Squid versions:

  • All Squid 4.x up to and including 4.17
  • All Squid 5.x up to and including 5.9
  • All Squid 6.x up to and including 6.3
  • Older versions (pre-4.14) are untested but should be assumed vulnerable.

The issue is resolved in Squid version 6.4, and patches are available for stable releases in the Squid patch archive.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable instances with the highest priority after thorough testing. Upgrade to the latest Squid version to fully remediate this vulnerability. If you are using a distribution-provided version of Squid, check with your vendor for the availability of patched packages.

Temporary Mitigation: As a short-term measure, disable URN access in your Squid configuration.
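One way to express that mitigation in squid.conf, added here as an example rather than taken from this advisory: define an ACL with the `proto` ACL type that matches the URN scheme and deny it before any allow rule. The ACL name `URN` is arbitrary; the `proto` ACL type and the `http_access` directive are standard Squid configuration, but confirm the syntax against the documentation of the Squid version you run.

```conf
# squid.conf excerpt (added example, not from the CCB advisory).
# Place these lines ABOVE any existing "http_access allow" rules so the
# deny is evaluated first; http_access rules are matched top to bottom.

# Match every request whose scheme is URN (the "URN" name is arbitrary).
acl URN proto URN

# Refuse URN requests outright. Squid then never resolves the URN, so
# it never fetches the Trivial-HTTP response that triggers CVE-2025-54574.
http_access deny URN

# ... existing http_access allow/deny rules follow here ...
```

After editing, `squid -k parse` checks the configuration for syntax errors and `squid -k reconfigure` applies it without a restart. Denied URN requests then appear in access.log with a TCP_DENIED status, which is a convenient way to confirm the rule is in effect. This is a stopgap only; upgrading to 6.4 or a vendor-patched package remains the actual fix.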

Monitor/Detect
The CCB recommends that organizations scale up monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
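Because the flaw is reached through URN requests handled by the proxy, one concrete monitoring step is to check Squid's access.log for URN-scheme requests and which upstream peers answered them. The script below is an added example, not part of the CCB advisory or the Squid project. It assumes the default "squid" logformat (timestamp, elapsed, client, code/status, bytes, method, URL, user, hierarchy/peer, content type); the log lines embedded in it are constructed for illustration.

```python
"""Flag URN requests in a Squid access.log (added example, not from the
CCB advisory).  Assumes Squid's default "squid" logformat:

  timestamp elapsed client code/status bytes method URL user hier/peer type
"""
import re
from collections import Counter

# Layout of the default native access.log line (assumption: default logformat).
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>\S+)\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+"
    r"(?P<user>\S+)\s+(?P<hier>\S+)\s+(?P<type>\S+)"
)

# Constructed sample lines: two ordinary HTTP requests and two URN requests,
# one of which Squid forwarded upstream and one it denied.
SAMPLE_LOG = [
    "1754352000.123    120 192.0.2.10 TCP_MISS/200 1234 GET http://www.example.com/index.html - HIER_DIRECT/93.184.216.34 text/html",
    "1754352001.456     87 192.0.2.10 TCP_MISS/200 512 GET urn:isbn:0451450523 - HIER_DIRECT/203.0.113.5 text/html",
    "1754352002.789     90 192.0.2.20 TCP_DENIED/403 3824 GET URN:foo:bar - HIER_NONE/- text/html",
    "1754352003.001     40 192.0.2.30 TCP_HIT/200 2048 GET http://www.example.org/ - HIER_NONE/- text/html",
]


def parse_line(line):
    """Return the fields of one access.log line as a dict, or None if it
    does not match the expected layout."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_urn_request(entry):
    """True when the requested URL uses the URN scheme (case-insensitive)."""
    return entry["url"].lower().startswith("urn:")


def find_urn_requests(lines):
    """Parse the log and keep only URN-scheme requests."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry and is_urn_request(entry):
            hits.append(entry)
    return hits


def split_by_outcome(hits):
    """Separate URN requests Squid denied (mitigation in effect) from ones it
    actually processed, which are the ones that could have reached the
    vulnerable code path."""
    denied = [h for h in hits if h["code"].startswith("TCP_DENIED")]
    forwarded = [h for h in hits if not h["code"].startswith("TCP_DENIED")]
    return forwarded, denied


def summarize(hits):
    """Count URN requests per client and per upstream peer that answered."""
    by_client = Counter(h["client"] for h in hits)
    by_peer = Counter(h["hier"].split("/", 1)[-1] for h in hits)
    return by_client, by_peer


if __name__ == "__main__":
    hits = find_urn_requests(SAMPLE_LOG)
    forwarded, denied = split_by_outcome(hits)
    by_client, by_peer = summarize(forwarded)
    print(f"URN requests: {len(hits)} ({len(forwarded)} forwarded, {len(denied)} denied)")
    for client, n in by_client.items():
        print(f"  client {client}: {n} forwarded URN request(s)")
    for peer, n in by_peer.items():
        print(f"  upstream {peer}: answered {n} URN request(s)")
```

Forwarded URN requests are the ones worth following up: the client that issued them and the upstream peer that answered are the two ends of the path the vulnerability sits on. A steady count of TCP_DENIED entries after the temporary mitigation is applied confirms the deny rule is working. If your deployment uses a custom logformat, adjust `LINE_RE` accordingly.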

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-54574