CVE-2025-65495: Libcoap Vulnerable to Denial of Service via Crafted TLS Certificate

Overview

CVE-2025-65495 describes a denial-of-service (DoS) vulnerability found in OISM libcoap version 4.3.5. This vulnerability is triggered by an integer signedness error within the tls_verify_call_back() function in src/coap_openssl.c. A remote attacker can exploit this vulnerability by sending a specially crafted TLS certificate, leading to a memory allocation failure and subsequent service disruption.

Technical Details

The vulnerability stems from how libcoap handles the return value of i2d_X509() when verifying TLS certificates. i2d_X509(), which serializes an X.509 certificate to DER format, returns the encoded length on success and a negative value (-1) on failure. The tls_verify_call_back() function in src/coap_openssl.c does not check for this failure case and passes the -1 to malloc() as the allocation size. Because malloc() takes an unsigned size_t, the signed -1 is converted into the largest representable size, so the request is effectively an attempt to allocate a negative number of bytes: the allocation fails or the code continues with an unusable pointer, producing a crash or other unpredictable behavior and therefore a denial of service.
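The following added example (not libcoap's own code) isolates the defective pattern described above and shows the check that prevents it. Because it has to run without OpenSSL, it uses a hypothetical stand-in, fake_i2d_X509(), that mimics the real function's contract: it returns the DER length on success and -1 on failure, and writes the bytes when given an output pointer. The structures and function names are constructed for illustration only.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for a certificate object; constructed for this example. */
typedef struct {
    int der_len;                /* negative models an encoding failure */
    const unsigned char *der;   /* pre-encoded DER bytes */
} fake_x509;

/* Hypothetical stand-in for OpenSSL's i2d_X509(): same contract, no OpenSSL needed.
 * Returns the encoded length, or -1 on failure. With out == NULL it only reports
 * the length; otherwise it writes the bytes to *out. */
static int fake_i2d_X509(const fake_x509 *cert, unsigned char **out)
{
    if (cert == NULL || cert->der_len < 0)
        return -1;
    if (out != NULL && *out != NULL)
        memcpy(*out, cert->der, (size_t)cert->der_len);
    return cert->der_len;
}

/* Vulnerable pattern: the int return value is handed straight to malloc().
 * The implicit int -> size_t conversion turns -1 into SIZE_MAX. */
static size_t unchecked_alloc_size(int der_len)
{
    return (size_t)der_len;
}

/* Hardened pattern: validate the length before it ever reaches malloc(),
 * and verify the second call wrote exactly what the first call promised. */
static int der_copy_checked(const fake_x509 *cert, unsigned char **der_out, size_t *len_out)
{
    int len = fake_i2d_X509(cert, NULL);   /* length query */
    if (len <= 0)
        return -1;                         /* encoding failed: do not allocate */
    unsigned char *buf = malloc((size_t)len);
    if (buf == NULL)
        return -1;
    unsigned char *p = buf;
    if (fake_i2d_X509(cert, &p) != len) {  /* length mismatch: treat as failure */
        free(buf);
        return -1;
    }
    *der_out = buf;
    *len_out = (size_t)len;
    return 0;
}

/* 1 if the vulnerable conversion yields the maximum size_t, 0 otherwise. */
static int vulnerable_size_is_huge(void)
{
    return unchecked_alloc_size(-1) == SIZE_MAX;
}

/* 1 if a certificate that fails to encode is rejected without allocating. */
static int demo_bad_cert_rejected(void)
{
    fake_x509 bad = { -1, NULL };
    unsigned char *out = NULL;
    size_t n = 0;
    return der_copy_checked(&bad, &out, &n) == -1 && out == NULL;
}

/* 1 if a well-formed certificate round-trips through the checked path. */
static int demo_good_cert_roundtrip(void)
{
    static const unsigned char der[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };  /* constructed DER */
    fake_x509 good = { (int)sizeof(der), der };
    unsigned char *out = NULL;
    size_t n = 0;
    int ok = der_copy_checked(&good, &out, &n) == 0 && n == sizeof(der)
             && memcmp(out, der, sizeof(der)) == 0;
    free(out);
    return ok;
}

int main(void)
{
    printf("(size_t)-1 == SIZE_MAX: %d\n", vulnerable_size_is_huge());
    printf("failing certificate rejected: %d\n", demo_bad_cert_rejected());
    printf("valid certificate round-trip: %d\n", demo_good_cert_roundtrip());
    return 0;
}
```

The essential difference is the single `if (len <= 0)` guard: any code that converts a signed OpenSSL length into a size_t for malloc() needs that check before the conversion happens, since afterwards the failure value is indistinguishable from a legitimately huge request.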

CVSS Analysis

As of the publication of this article, a CVSS score has not been assigned to CVE-2025-65495. This is often the case when a vulnerability is newly discovered and analysis is still underway. However, given the potential for remote denial-of-service, a moderate to high severity score is anticipated. The lack of requirement for authentication and the potential for widespread impact will likely influence the CVSS score once it is calculated.

Possible Impact

Successful exploitation of CVE-2025-65495 can lead to a denial of service, rendering affected libcoap services unavailable. This can disrupt critical applications that rely on CoAP for machine-to-machine communication, IoT device management, and other similar use cases. Given the widespread use of libcoap in embedded systems, the impact could be significant.

Mitigation and Patch Steps

The recommended mitigation is to upgrade to a patched version of libcoap that addresses the integer signedness error. The fix for this vulnerability is available in pull request #1750 on the libcoap GitHub repository. Users should monitor official libcoap channels for updated releases containing this fix. Applying the patch manually is also possible, but upgrading to a supported and maintained version is the preferred approach.

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
