
[CRITICAL] CVE-2025-54574: Squid Proxy Heap-based Buffer Overflow

Description

In Squid versions up to 6.3, improper buffer management when handling URNs can lead to a heap buffer overflow. If exploited, this vulnerability may result in remote code execution (RCE).

  • Severity: Critical.
  • Score: 9.3.

Affected Versions

  • Squid from 4.x to 4.17
  • Squid from 5.x to 5.9
  • Squid from 6.x to 6.3

Versions older than 4.14 have not been confirmed as affected, but Squid advises that they should be assumed vulnerable.

Mitigation

Update Squid to version 6.4 or later, which includes a patch for this vulnerability.

If immediate updating is not possible, a temporary workaround is to disable URN access:

acl URN proto URN
http_access deny URN
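As an added example that is not part of the advisory: a small shell check that a squid.conf actually contains the workaround above and places the deny rule before the first "http_access allow" line, since Squid evaluates http_access rules in order and stops at the first match. The sample configs it writes are constructed for the demonstration.

```shell
#!/bin/sh
# check_urn_workaround CONF
# Prints one of: ok, missing-acl, missing-deny, misordered.
# "misordered" means an "http_access allow" appears before "http_access deny URN",
# so clients matching that allow rule can still issue URN requests.
check_urn_workaround() {
    conf="$1"
    awk '
        { sub(/#.*/, ""); if (NF == 0) next }          # drop comments / blank lines
        $1 == "acl" && $2 == "URN" && $3 == "proto" && toupper($4) == "URN" { acl = 1 }
        $1 == "http_access" && $2 == "allow" && !allow_seen { allow_seen = NR }
        $1 == "http_access" && $2 == "deny" && $3 == "URN" && !deny_seen { deny_seen = NR }
        END {
            if (!acl)       { print "missing-acl";  exit }
            if (!deny_seen) { print "missing-deny"; exit }
            if (allow_seen && allow_seen < deny_seen) { print "misordered"; exit }
            print "ok"
        }
    ' "$conf"
}

# Constructed sample configs (hypothetical, not a real deployment) for trying the check.
write_samples() {
    dir="${1:-.}"
    cat > "$dir/good.conf" <<'EOF'
acl localnet src 10.0.0.0/8
acl URN proto URN
http_access deny URN          # workaround placed before any allow rule
http_access allow localnet
http_access deny all
EOF
    cat > "$dir/bad.conf" <<'EOF'
acl localnet src 10.0.0.0/8
acl URN proto URN
http_access allow localnet    # matches first; the deny below is never reached
http_access deny URN
http_access deny all
EOF
}

# Usage: ./check_urn.sh /etc/squid/squid.conf
if [ -n "${1:-}" ]; then
    check_urn_workaround "$1"
fi
```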
