{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-4821", "assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "state": "PUBLISHED", "assignerShortName": "cloudflare", "dateReserved": "2025-05-16T11:52:39.111Z", "datePublished": "2025-06-18T15:47:52.211Z", "dateUpdated": "2025-06-18T18:29:54.995Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "cloudflare-quiche", "product": "quiche", "vendor": "Cloudflare", "versions": [{"status": "affected", "version": "<0.24.4"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<b>Impact</b><br><br>Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support.<br><br>An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating a congestion-controlled data transfer towards itself. Then, it could manipulate the victim's congestion control state by sending ACK frames covering a large range of packet numbers (including packet numbers that had never been sent); see RFC 9000 Section 19.3. The victim could grow the congestion window beyond typical expectations and allow more bytes in flight than the path might really support. In extreme cases, the window might grow beyond the limit of the internal variable's type, leading to an overflow panic.<br><div><br></div><div>Patches</div><br>quiche 0.24.4 is the earliest version containing the fix for this issue.<br><br>"}], "value": "Impact\n\nCloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support.\n\nAn unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating a congestion-controlled data transfer towards itself. Then, it could manipulate the victim's congestion control state by sending ACK frames covering a large range of packet numbers (including packet numbers that had never been sent); see RFC 9000 Section 19.3. The victim could grow the congestion window beyond typical expectations and allow more bytes in flight than the path might really support. In extreme cases, the window might grow beyond the limit of the internal variable's type, leading to an overflow panic.\n\n\n\nPatches\n\n\nquiche 0.24.4 is the earliest version containing the fix for this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "shortName": "cloudflare", "dateUpdated": "2025-06-18T15:47:52.211Z"}, "references": [{"url": "https://github.com/cloudflare/quiche/security/advisories/GHSA-6m38-4r9r-5c4m"}], "source": {"discovery": "UNKNOWN"}, "title": "Incorrect congestion window growth by invalid ACK ranges", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-18T18:29:42.416230Z", "id": "CVE-2025-4821", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-18T18:29:54.995Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-4821", "assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "state": "PUBLISHED", "assignerShortName": "cloudflare", "dateReserved": "2025-05-16T11:52:39.111Z", "datePublished": "2025-06-18T15:47:52.211Z", "dateUpdated": "2025-06-18T18:29:54.995Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "cloudflare-quiche", "product": "quiche", "vendor": "Cloudflare", "versions": [{"status": "affected", "version": "<0.24.4"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<b>Impact</b><br><br>Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support.<br><br>An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating a congestion-controlled data transfer towards itself. Then, it could manipulate the victim's congestion control state by sending ACK frames covering a large range of packet numbers (including packet numbers that had never been sent); see RFC 9000 Section 19.3. The victim could grow the congestion window beyond typical expectations and allow more bytes in flight than the path might really support. In extreme cases, the window might grow beyond the limit of the internal variable's type, leading to an overflow panic.<br><div><br></div><div>Patches</div><br>quiche 0.24.4 is the earliest version containing the fix for this issue.<br><br>"}], "value": "Impact\n\nCloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support.\n\nAn unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating a congestion-controlled data transfer towards itself. Then, it could manipulate the victim's congestion control state by sending ACK frames covering a large range of packet numbers (including packet numbers that had never been sent); see RFC 9000 Section 19.3. The victim could grow the congestion window beyond typical expectations and allow more bytes in flight than the path might really support. In extreme cases, the window might grow beyond the limit of the internal variable's type, leading to an overflow panic.\n\n\n\nPatches\n\n\nquiche 0.24.4 is the earliest version containing the fix for this issue."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "shortName": "cloudflare", "dateUpdated": "2025-06-18T15:47:52.211Z"}, "references": [{"url": "https://github.com/cloudflare/quiche/security/advisories/GHSA-6m38-4r9r-5c4m"}], "source": {"discovery": "UNKNOWN"}, "title": "Incorrect congestion window growth by invalid ACK ranges", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4821", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-18T18:29:42.416230Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-18T18:29:47.254Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Impact\n\nCloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support.\n\nAn unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating a congestion-controlled data transfer towards itself. Then, it could manipulate the victim's congestion control state by sending ACK frames covering a large range of packet numbers (including packet numbers that had never been sent); see RFC 9000 Section 19.3. The victim could grow the congestion window beyond typical expectations and allow more bytes in flight than the path might really support. In extreme cases, the window might grow beyond the limit of the internal variable's type, leading to an overflow panic.\n\n\n\nPatches\n\n\nquiche 0.24.4 is the earliest version containing the fix for this issue."}, {"lang": "es", "value": "Se descubri\u00f3 que Quiche de Cloudflare era vulnerable a un crecimiento incorrecto de la ventana de congesti\u00f3n, lo que podr\u00eda provocar el env\u00edo de datos a una velocidad superior a la que la ruta realmente admite. Un atacante remoto no autenticado puede explotar esta vulnerabilidad completando primero un protocolo de enlace e iniciando una transferencia de datos controlada por congesti\u00f3n hacia s\u00ed mismo. Posteriormente, podr\u00eda manipular el estado de control de congesti\u00f3n de la v\u00edctima enviando tramas ACK que abarcan una amplia gama de n\u00fameros de paquetes (incluidos los que nunca se enviaron); consulte la secci\u00f3n 19.3 de RFC 9000. La v\u00edctima podr\u00eda ampliar la ventana de congesti\u00f3n m\u00e1s all\u00e1 de lo esperado y permitir m\u00e1s bytes en tr\u00e1nsito de los que la ruta realmente admite. En casos extremos, la ventana podr\u00eda sobrepasar el l\u00edmite del tipo de la variable interna, lo que provocar\u00eda un p\u00e1nico por desbordamiento. Parches: Quiche 0.24.4 es la versi\u00f3n m\u00e1s antigua que contiene la soluci\u00f3n para este problema."}], "id": "CVE-2025-4821", "lastModified": "2025-06-23T20:16:59.783", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "cna@cloudflare.com", "type": "Secondary"}]}, "published": "2025-06-18T16:15:28.527", "references": [{"source": "cna@cloudflare.com", "url": "https://github.com/cloudflare/quiche/security/advisories/GHSA-6m38-4r9r-5c4m"}], "sourceIdentifier": "cna@cloudflare.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "cna@cloudflare.com", "type": "Secondary"}]}

{}