Critical Squid Flaw Allows Remote Code Execution by Attackers

A severe security vulnerability in the widely used Squid HTTP proxy has been disclosed, potentially exposing millions of systems to remote code execution attacks.

The flaw, designated as CVE-2025-54574 and SQUID-2025:1, represents a critical buffer overflow vulnerability in the software’s URN handling mechanism that could allow attackers to execute arbitrary code on affected systems.

Vulnerability Details and Impact

The vulnerability stems from incorrect buffer management within Squid’s URN (Uniform Resource Name) processing functionality, according to a report by security researchers.

This flaw creates a heap buffer overflow condition that enables remote attackers to potentially execute code on vulnerable systems without requiring authentication or user interaction.

| CVE Attribute | Value |
|---|---|
| CVE ID | CVE-2025-54574 |
| Severity | Critical |
| CVSS v3 Score | 8.2/10 |
| Attack Vector | Network |

The security researcher known as StarryNight discovered the vulnerability, while The Measurement Factory developed the necessary fixes.

The attack vector is particularly concerning because it can be triggered remotely over network connections with low complexity requirements.

When processing URN Trivial-HTTP responses, malicious servers can exploit this vulnerability to deliver up to 4KB of Squid’s allocated heap memory to clients, potentially exposing sensitive security credentials and confidential data stored in memory.

Affected Systems and Versions

The vulnerability impacts a broad range of Squid installations across multiple major version branches.

All Squid versions prior to 6.4 are considered vulnerable, including legacy installations that have not been adequately tested.

Specifically, all Squid 4.x versions up to and including 4.17 are affected, along with all Squid 5.x versions through 5.9, and Squid 6.x versions up to 6.3.

Organizations running Squid versions older than 4.14 should assume their systems are vulnerable, as these versions have not undergone comprehensive testing for this specific flaw.

Organizations should immediately upgrade to Squid version 6.4, which contains comprehensive fixes for this vulnerability.

For environments where immediate upgrading is not feasible, administrators can implement a temporary workaround by disabling URN access permissions through configuration changes.

This involves adding specific access control list rules to deny URN protocol requests, effectively blocking the vulnerable code path until proper patching can be completed.
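The following check is an added example, not code from the Squid project or from the original article. It assumes the workaround is written as `acl URN proto URN` followed by `http_access deny URN` (the article describes the rule but does not quote it), and it verifies both that a `squid -v` banner is older than 6.4 and that the deny rule sits ahead of every `http_access allow` line, since Squid applies the first matching rule. The sample configurations are constructed.

```python
import re

FIXED = (6, 4)  # first fixed release according to the article

def is_vulnerable(banner):
    """True if a 'Squid Cache: Version X.Y' banner is older than 6.4."""
    m = re.search(r"Version (\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no Squid version found in banner")
    return (int(m.group(1)), int(m.group(2))) < FIXED

def urn_workaround_status(conf_text):
    """Return 'ok', 'shadowed' or 'missing' for the URN deny workaround."""
    urn_acls = set()      # names of ACLs that match the URN protocol
    allow_seen = False    # an allow rule that could match before the deny
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        tok = line.split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "proto":
            if any(v.upper() == "URN" for v in tok[3:]):
                urn_acls.add(tok[1])
        elif len(tok) >= 3 and tok[0] == "http_access":
            if tok[1] == "allow":
                allow_seen = True
            # Only a deny on the URN ACL alone blocks every URN request;
            # extra ACLs on the same line are ANDed and narrow the match.
            elif tok[1] == "deny" and len(tok) == 3 and tok[2] in urn_acls:
                return "shadowed" if allow_seen else "ok"
    return "missing"

# Constructed sample: deny placed before any allow rule.
PATCHED_CONF = """\
acl localnet src 10.0.0.0/8
acl URN proto URN
http_access deny URN
http_access allow localnet
http_access deny all
"""

# Constructed sample: an allow rule can match URN requests first.
SHADOWED_CONF = """\
acl localnet src 10.0.0.0/8
acl URN proto URN
http_access allow localnet
http_access deny URN
http_access deny all
"""
```

A result of `shadowed` is deliberately conservative: it flags any earlier allow rule without evaluating whether that rule could actually match a URN request.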

This critical vulnerability underscores the ongoing security challenges facing internet infrastructure components.

Given Squid’s widespread deployment in enterprise environments, content delivery networks, and internet service providers, prompt remediation is essential to prevent potential exploitation and data exposure.
