Warning: Vulnerability in Squid Web Proxy Cache, CVE-2025-59362, Patch Immediately!

Published: 29/09/2025

 

    * Last update: 29/09/2025
    * Affected software: Squid Web Proxy Cache, all versions prior to 7.1
    * Type: CWE-172: Encoding Error
    * CVE/CVSS
        → CVE-2025-59362: CVSS 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N)

 

Sources

 
GitHub https://github.com/Microsvuln/advisories/blob/main/CVE-2025-59362/CVE-2025-59362.md
 

Risks

An encoding error vulnerability (CVE-2025-59362) has been discovered in Squid Web Proxy Cache, a widely used caching proxy for the Web. This vulnerability affects all Squid versions up to and including 7.1. Remote attackers can compromise the integrity of the server without any privileges or user interaction. The scope of this vulnerability is unchanged and the attack complexity is low, which makes it attractive to threat actors.

Exploiting CVE-2025-59362 can have a high impact on the Integrity of the Squid proxy, but no impact on the other two aspects of the CIA triad (Confidentiality, Availability).

As of 2025-09-29 there is no publicly available proof-of-concept, nor any evidence of this vulnerability being exploited in the wild.

 

Description

CVE-2025-59362 is a remotely exploitable vulnerability in Squid (through 7.1), where improper handling of ASN.1 encoding for SNMP long OIDs can allow attackers to send specially crafted SNMP requests that trigger buffer overflows or memory corruption in the affected service.

Successful exploitation could lead to denial of service or potentially arbitrary code execution, depending on system configuration and SNMP access exposure.

Recommended Actions

 
Patch  
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

The Centre for Cybersecurity Belgium advises upgrading to a version of Squid that is newer than 7.1. Please ensure you implement network segmentation and keep monitoring logs for anomalies in SNMP communications.
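
To help prioritise patching, the following added example (not code from the CCB or the Squid project) checks a host's `squid -v` output and squid.conf text for an affected version and an enabled SNMP agent. It follows the description's "through 7.1" boundary. The function names, the priority labels and the sample inputs are assumptions made for illustration.

```python
import re

LAST_AFFECTED = (7, 1)  # from the advisory: Squid through 7.1 is affected

def parse_version(squid_v_output):
    """Return (major, minor) from `squid -v` output."""
    m = re.search(r"Squid Cache: Version (\d+)\.(\d+)", squid_v_output)
    if not m:
        raise ValueError("no Squid version string found")
    return int(m.group(1)), int(m.group(2))

def snmp_settings(conf_text):
    """Return (port, allow_rules) read from squid.conf text."""
    port, allows = 0, []  # snmp_port defaults to 0: SNMP agent disabled
    for raw in conf_text.splitlines():
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue  # skip blank lines and whole-line comments
        if tok[0] == "snmp_port" and len(tok) > 1:
            port = int(tok[1])  # assumption: a later directive overrides an earlier one
        elif tok[0] == "snmp_access" and len(tok) > 2 and tok[1] == "allow":
            allows.append(tok[2:])
    return port, allows

def assess(squid_v_output, conf_text):
    """Classify a host for CVE-2025-59362 triage (labels are illustrative)."""
    version = parse_version(squid_v_output)
    port, allows = snmp_settings(conf_text)
    affected = version <= LAST_AFFECTED
    listening = port != 0
    # Heuristic: an allow rule naming the built-in "all" ACL admits any source address.
    open_to_all = listening and any("all" in acls for acls in allows)
    if not affected:
        priority = "not affected by version"
    elif open_to_all:
        priority = "patch first: SNMP agent on and allowed from any source"
    elif listening:
        priority = "patch first: SNMP agent on"
    else:
        priority = "patch: SNMP agent off"
    return {"version": version, "snmp_port": port, "affected": affected,
            "open_to_all": open_to_all, "priority": priority}

# Constructed sample inputs, not taken from a real host.
SAMPLE_V = "Squid Cache: Version 6.10\nService Name: squid\n"
SAMPLE_CONF = ("acl snmppublic snmp_community public\n"
               "snmp_port 3401\nsnmp_access allow snmppublic all\n")
```

In practice, pass in the captured output of `squid -v` and the contents of the active squid.conf; a host in either "patch first" state is also a candidate for restricting `snmp_access` to management addresses until the upgrade is done.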
 
Monitor/Detect 

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
 
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
 
 

References

NVD https://nvd.nist.gov/vuln/detail/CVE-2025-59362