suse · CVE-2025-54574

Quick triage

Priority: high Published: 2025-08-05 23:13:40 UTC Updated: 2025-09-22 07:42:09 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2025-54574 severity important: SUSE including 1 source package names (squid), 27 product×package rows across 27 product lines (SLES-LTSS-TERADATA 15 SP2, SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS, … (27 product lines)): Will Not Fix 24, Known Not Affected 3.

Description:

Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.

cvelogic Threat Intelligence