CVE-2025-55181

Q: What is the severity of CVE-2025-55181?

CVE-2025-55181 is considered a medium severity vulnerability due to potential unbounded memory growth.

Q: How do I fix CVE-2025-55181?

To fix CVE-2025-55181, upgrade to a version of Facebook Proxygen released after 2025.12.01.00.

Q: What impact does CVE-2025-55181 have on applications?

CVE-2025-55181 can cause an infinite loop that blocks the event loop, leading to degraded performance or application crashes.

Q: Which versions of Facebook Proxygen are affected by CVE-2025-55181?

CVE-2025-55181 affects Facebook Proxygen versions between 2025.08.25.00 and 2025.12.01.00.

Q: Does CVE-2025-55181 affect specific platforms?

CVE-2025-55181 primarily affects applications utilizing Facebook Proxygen for handling HTTP requests.

Published Dec 2, 2025

Updated

Sending an HTTP request/response body with greater than 2^31 bytes triggers an infinite loop in proxygen::coro::HTTPQuicCoroSession which blocks the backing event loop and unconditionally appends data to a std::vector per-loop iteration. This issue leads to unbounded memory growth and eventually causes the process to run out of memory.

Affected Software

1 affected component

Facebook Proxygen>=2025.08.25.00<=2025.12.01.00

Remediation

Patch Available

https://github.com/facebook/proxygen/commit/17689399ef99b7c3d3a8b2b768b1dba1a4b72f8f

Event History

Dec 2, 2025

CVE Published

via MITRE·10:13 PM

Data Sourced

via MITRE·10:13 PM

DescriptionSeverityWeakness

Data Sourced

via NVD·10:16 PM

RemedyDescriptionSeverityWeaknessAffected Software

Frequently Asked Questions

What is the severity of CVE-2025-55181?

CVE-2025-55181 is considered a medium severity vulnerability due to potential unbounded memory growth.

How do I fix CVE-2025-55181?

To fix CVE-2025-55181, upgrade to a version of Facebook Proxygen released after 2025.12.01.00.

What impact does CVE-2025-55181 have on applications?

CVE-2025-55181 can cause an infinite loop that blocks the event loop, leading to degraded performance or application crashes.

Which versions of Facebook Proxygen are affected by CVE-2025-55181?

CVE-2025-55181 affects Facebook Proxygen versions between 2025.08.25.00 and 2025.12.01.00.

Does CVE-2025-55181 affect specific platforms?

CVE-2025-55181 primarily affects applications utilizing Facebook Proxygen for handling HTTP requests.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

CVE-2025-55181

Affected Software

Remediation

Patch Available

Event History

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2025-55181?

How do I fix CVE-2025-55181?

What impact does CVE-2025-55181 have on applications?

Which versions of Facebook Proxygen are affected by CVE-2025-55181?

Does CVE-2025-55181 affect specific platforms?

Company

Resources

Contact