CVE-2025-54349: Buffer Overflow
Published Aug 3, 2025
In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow.
Affected Software
5 affected components; fixes available
ESnet iperf: < 3.19.1
es iperf3: >= 3.2, < 3.19.1
Microsoft azl3 iperf3: 3.17.1-3
Microsoft cbl2 iperf3: 3.18-2
Microsoft cbl2 iperf3: 3.18-1
Event History
Aug 3, 2025
12:00 AM, via MITRE: CVE Published
12:00 AM, via MITRE: Data Sourced (Description, Severity, Weakness)
02:01 AM, via Red Hat: Data Sourced (Description, Severity, Affected Software)
02:15 AM, via NVD: Data Sourced (Remedy, Description, Severity, Weakness, Affected Software)
Sep 4, 2025
10:41 AM, via Microsoft: Data Sourced (Description, Severity, Weakness)
10:41 AM, via Microsoft: Data Sourced (Affected Software)
10:41 AM, via Microsoft: Updated (Severity, Affected Software)
10:41 AM, via Microsoft: Updated (Description, Severity)
Frequently Asked Questions
1. What is the severity of CVE-2025-54349?
CVE-2025-54349 is considered a critical vulnerability due to its potential for heap-based buffer overflow.
2. How do I fix CVE-2025-54349?
To fix CVE-2025-54349, upgrade iperf to version 3.19.1 or later.
3. What causes the CVE-2025-54349 vulnerability?
CVE-2025-54349 is caused by an off-by-one error in the iperf_auth.c file.
4. Which versions of iperf are affected by CVE-2025-54349?
CVE-2025-54349 affects all versions of iperf prior to 3.19.1.
5. What types of attacks can exploit CVE-2025-54349?
CVE-2025-54349 can be exploited to execute arbitrary code via heap-based buffer overflow attacks.