cvedb.io
CVE-2025-54574
CRITICAL · CVSS 9.3
EPSS exploitation probability: 0%
Published 2025-08-01T18:15:55.390 · Last modified 2026-06-17T09:40:20.177

Summary

Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.

Affected products

squid-cache — squid

Does this affect you?

Add your gear to cvedb and we'll alert you only when squid-cache ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.