CVE-2025-53628

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a single line, permitting an attacker to exploit this to allocate memory arbitrarily. This vulnerability is fixed in 0.20.1. NOTE: This vulnerability is related to CVE-2025-53629.
Configurations

Configuration 1

cpe:2.3:a:yhirose:cpp-httplib:*:*:*:*:*:*:*:*

History

06 Aug 2025, 18:08

Type Values Removed Values Added
References () https://github.com/yhirose/cpp-httplib/commit/7b752106ac42bd5b907793950d9125a0972c8e8e - () https://github.com/yhirose/cpp-httplib/commit/7b752106ac42bd5b907793950d9125a0972c8e8e - Patch
References () https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-j6p8-779x-p5pw - () https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-j6p8-779x-p5pw - Vendor Advisory, Exploit
References () https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-qjmq-h3cc-qv6w - () https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-qjmq-h3cc-qv6w - Not Applicable
CWE CWE-444
CPE cpe:2.3:a:yhirose:cpp-httplib:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
First Time Yhirose
Yhirose cpp-httplib

15 Jul 2025, 13:14

Type Values Removed Values Added
Summary
  • (es) cpp-httplib is a cross-platform C++11 HTTP/HTTPS library with a single header file. In versions prior to 0.20.1, cpp-httplib had no single-line limit, which allowed an attacker to exploit it to allocate memory arbitrarily. This vulnerability was fixed in 0.20.1. NOTE: This vulnerability is related to CVE-2025-53629.

10 Jul 2025, 21:15

Type Values Removed Values Added
References () https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-j6p8-779x-p5pw - () https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-j6p8-779x-p5pw -

10 Jul 2025, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-07-10 20:15

Updated : 2025-08-06 18:08


NVD link : CVE-2025-53628

Mitre link : CVE-2025-53628

CVE.ORG link : CVE-2025-53628



Products Affected

yhirose

  • cpp-httplib
CWE
CWE-770

Allocation of Resources Without Limits or Throttling

CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')