{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T05:42:21.851","vulnerabilities":[{"cve":{"id":"CVE-2025-54574","sourceIdentifier":"security-advisories@github.com","published":"2025-08-01T18:15:55.390","lastModified":"2025-11-05T17:15:43.620","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions."},{"lang":"es","value":"Squid es un proxy de caché para la web. En las versiones 6.3 y anteriores, Squid es vulnerable a un desbordamiento del búfer de montón y a posibles ataques de ejecución remota de código al procesar URN debido a una gestión incorrecta del búfer. Esto se ha corregido en la versión 6.4. Para solucionar este problema, deshabilite los permisos de acceso a URN."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:H","baseScore":9.3,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*","versionEndExcluding":"6.4","matchCriteriaId":"1D384D1F-2A05-4EE0-9CB8-C83FDC53F608"}]}]}],"references":[{"url":"https://github.com/squid-cache/squid/commit/a27bf4b84da23594150c7a86a23435df0b35b988","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/squid-cache/squid/releases/tag/SQUID_6_4","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/squid-cache/squid/security/advisories/GHSA-w4gv-vw3f-29g3","source":"security-advisories@github.com","tags":["Mitigation","Patch","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2025/11/05/5","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.debian.org/debian-lts-announce/2025/09/msg00027.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}