Vulnerability Details CVE-2025-51495
An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the issue may lead to a buffer overflow.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 15.2%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2025-51495
-
cpe:2.3:a:cesanta:mongoose:7.10
-
cpe:2.3:a:cesanta:mongoose:7.11
-
cpe:2.3:a:cesanta:mongoose:7.12
-
cpe:2.3:a:cesanta:mongoose:7.13
-
cpe:2.3:a:cesanta:mongoose:7.14
-
cpe:2.3:a:cesanta:mongoose:7.15
-
cpe:2.3:a:cesanta:mongoose:7.16
-
cpe:2.3:a:cesanta:mongoose:7.17
-
cpe:2.3:a:cesanta:mongoose:7.5
-
cpe:2.3:a:cesanta:mongoose:7.6
-
cpe:2.3:a:cesanta:mongoose:7.7
-
cpe:2.3:a:cesanta:mongoose:7.8
-
cpe:2.3:a:cesanta:mongoose:7.9