Cyber Resilience

CVE-2025-23016

Critical

Published: 10 January 2025

Published
10 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 9.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0014 33.1th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-23016 is a critical-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Synacktiv (inferred from references). Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 33.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-23016 is an integer overflow vulnerability in FastCGI fcgi2 (also known as fcgi), affecting versions 2.x through 2.4.4. The flaw occurs in the ReadParams function within fcgiapp.c, where crafted nameLen or valueLen values in data sent to the IPC socket trigger an integer overflow, leading to a heap-based buffer overflow. This issue is classified under CWE-190 (Integer Overflow or Wraparound) and carries a CVSS v3.1 base score of 9.3 (AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

A local attacker with no privileges required can exploit this vulnerability by sending specially crafted data to the affected IPC socket. Successful exploitation could result in high-impact confidentiality, integrity, and availability violations, including potential remote code execution due to the heap-based buffer overflow and the changed scope (S:C) in the CVSS vector.

Mitigation guidance from advisories includes updating to fcgi2 version 2.4.5, as indicated in the project's GitHub release. Additional details are available in the GitHub issue tracker, OSS-security mailing list announcement, Synacktiv's exploitation publication, and Debian LTS security advisory, which address patching for affected distributions.

EU & UK References

Vulnerability details

FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Integer overflow in ReadParams triggers heap buffer overflow enabling local unauthenticated RCE on FastCGI IPC, directly mapping to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-0587Shared CWE-190
CVE-2025-24156Shared CWE-190
CVE-2025-33219Shared CWE-190
CVE-2025-47363Shared CWE-190
CVE-2024-34733Shared CWE-190
CVE-2026-0028Shared CWE-190
CVE-2026-35415Shared CWE-190
CVE-2025-33218Shared CWE-190
CVE-2026-25210Shared CWE-190
CVE-2026-37540Shared CWE-190

Affected Assets

Synacktiv
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely remediation of known software flaws like the integer overflow in fcgi2's ReadParams function by patching to version 2.4.5.

prevent

Mandates validation of information inputs such as crafted nameLen and valueLen values received over the IPC socket to prevent integer overflows.

prevent

Implements memory protections like heap overflow safeguards to block unauthorized code execution from the resultant heap-based buffer overflow.

References