What is the CVSS score of CVE-2025-52887?

CVE-2025-52887 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.2%.

Which versions of Ubuntu are affected by CVE-2025-52887?

Organizations using cpp-httplib face notable risk from CVE-2025-52887, a resource exhaustion vulnerability rated CVSS 7.5.. A patch is available.

Is there a public PoC exploit available for CVE-2025-52887?

Yes, a public proof-of-concept exploit is available for CVE-2025-52887. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2025-52887?

Within 7 days: Identify all affected systems and apply vendor patches promptly. Vendor patch is available.

Ubuntu CVE-2025-52887

EUVD-2025-19196 HIGH

Uncontrolled Resource Consumption (CWE-400)

2025-06-26 security-advisories@github.com

Denial Of Service Debian Ubuntu Red Hat Cpp Httplib Suse

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 23:54 euvd

EUVD-2025-19196

Analysis Generated

Mar 15, 2026 - 23:54 vuln.today

Patch released

Mar 15, 2026 - 23:54 nvd

Patch available

PoC Detected

Aug 06, 2025 - 19:15 vuln.today

Public exploit code

CVE Published

Jun 26, 2025 - 15:15 nvd

HIGH 7.5

DescriptionNVD

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. In version 0.21.0, when many http headers fields are passed in, the library does not limit the number of headers, and the memory associated with the headers will not be released when the connection is disconnected. This leads to potential exhaustion of system memory and results in a server crash or unresponsiveness. Version 0.22.0 contains a patch for the issue.

Analysis

Technical ContextAI

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users. This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400).

RemediationAI

A vendor patch is available — apply it immediately. Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

More from same product – last 7 days

CVE-2026-44050 CRITICAL Act Now

9.9 May 21

Heap buffer overflow in the Netatalk cnid_metad daemon's comm_rcv() function allows remote attackers with low-level priv

CVE-2026-44048 HIGH This Week

8.8 May 21

Stack-based buffer overflow in Netatalk versions 2.0.4 through 4.4.2 allows authenticated remote attackers to corrupt me

CVE-2026-44047 HIGH This Week

8.8 May 21

SQL injection in Netatalk 3.1.0 through 4.4.2 allows authenticated remote attackers to compromise the MySQL-backed CNID

CVE-2026-44051 HIGH This Week

8.1 May 21

Arbitrary file read in Netatalk 3.0.2 through 4.4.2 allows authenticated remote attackers to create attacker-controlled

CVE-2026-9277 HIGH This Week

8.1 May 22

Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr

Vendor StatusVendor

Ubuntu

Priority: Medium

cpp-httplib

Release	Status	Version
plucky	ignored	end of life, was needs-triage
jammy	needed	-
noble	needed	-
upstream	released	0.22.0
oracular	ignored	end of life, was needs-triage
questing	needed	-

Debian

cpp-httplib

Release	Status	Fixed Version	Urgency
bookworm	fixed	0.11.4+ds-1+deb12u1	-
forky, sid, trixie	fixed	0.18.7-1	-
(unstable)	not-affected	-	-

CVE-2025-52887 vulnerability details – vuln.today

Back

Ubuntu CVE-2025-52887

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Technical ContextAI

RemediationAI

More from same product – last 7 days

Vendor StatusVendor

Ubuntu

Debian

Share

External POC / Exploit Code