What is the CVSS score of CVE-2025-54939?

CVE-2025-54939 has a CVSS 3.1 base score of 5.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L. EPSS exploitation probability: 0.1%.

Which versions of Litespeed Web Adc are affected by CVE-2025-54939?

CVE-2025-54939 presents moderate security risk rated CVSS 5.3. Exploitation could compromise the security of affected deployments. Proof-of-concept code is publicly available.

Is there a public PoC exploit available for CVE-2025-54939?

Yes, a public proof-of-concept exploit is available for CVE-2025-54939. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate CVE-2025-54939?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Litespeed Web Adc CVE-2025-54939

MEDIUM

Allocation of Resources Without Limits or Throttling (CWE-770)

2025-08-01 cve@mitre.org

Denial Of Service Litespeed Web Adc Litespeed Web Server Lsquic Openlitespeed

5.3

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

5.3 MEDIUM

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:04 vuln.today

PoC Detected

Aug 27, 2025 - 15:52 vuln.today

Public exploit code

CVE Published

Aug 01, 2025 - 06:15 nvd

MEDIUM 5.3

DescriptionCVE.org

LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak.

AnalysisAI

LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Allocation of Resources Without Limits (CWE-770), which allows attackers to exhaust system resources through uncontrolled allocation. LiteSpeed QUIC (LSQUIC) Library before 4.3.1 has an lsquic_engine_packet_in memory leak. Affected products include: Litespeedtech Litespeed Web Adc, Litespeedtech Litespeed Web Server, Litespeedtech Lsquic, Litespeedtech Openlitespeed. Version information: before 4.3.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Set resource limits, implement rate limiting, validate input sizes.

CVE-2025-54939 vulnerability details – vuln.today

Back

Litespeed Web Adc CVE-2025-54939

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code