Resource exhaustion in Yhirose Cpp-httplib
CVE-2025-53628
cpp-httplib is a C++11 single-file header-only cross-platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not limit the length of a single line, which lets an attacker exploit this to allocate memory arbitrarily. This vulnerabili…
EPSS: 0.001 (34.2th percentile)
Affected products
- Yhirose Cpp-httplib — versions < 0.20.1
Weakness classification (CWE)
Public proof-of-concept exploits
References
- https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-j6p8-779x-p5pw (x_refsource_CONFIRM)
- https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-qjmq-h3cc-qv6w (x_refsource_MISC)
- https://github.com/yhirose/cpp-httplib/commit/7b752106ac42bd5b907793950d9125a0972c8e8e (x_refsource_MISC)
Frequently asked questions
- What is CVE-2025-53628?
- CVE-2025-53628 is a vulnerability in Yhirose Cpp-httplib, classified under Loop with Unreachable Exit Condition (Infinite Loop). Published 2025-07-10.
- Is CVE-2025-53628 known to be exploited?
- 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.