Cyber Posture

CVE-2025-23016

Critical

Published: 10 January 2025

Published
10 January 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score 9.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0010 27.3th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-23016 is a critical-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Synacktiv (inferred from references). Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 27.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly requires timely remediation of known software flaws like the integer overflow in fcgi2's ReadParams function by patching to version 2.4.5.

SI-10 Information Input Validation good match
prevent

Mandates validation of information inputs such as crafted nameLen and valueLen values received over the IPC socket to prevent integer overflows.

SI-16 Memory Protection good match
prevent

Implements memory protections like heap overflow safeguards to block unauthorized code execution from the resultant heap-based buffer overflow.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Integer overflow in ReadParams triggers heap buffer overflow enabling local unauthenticated RCE on FastCGI IPC, directly mapping to exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.

Deeper analysisAI

CVE-2025-23016 is an integer overflow vulnerability in FastCGI fcgi2 (also known as fcgi), affecting versions 2.x through 2.4.4. The flaw occurs in the ReadParams function within fcgiapp.c, where crafted nameLen or valueLen values in data sent to the IPC socket trigger an integer overflow, leading to a heap-based buffer overflow. This issue is classified under CWE-190 (Integer Overflow or Wraparound) and carries a CVSS v3.1 base score of 9.3 (AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).

A local attacker with no privileges required can exploit this vulnerability by sending specially crafted data to the affected IPC socket. Successful exploitation could result in high-impact confidentiality, integrity, and availability violations, including potential remote code execution due to the heap-based buffer overflow and the changed scope (S:C) in the CVSS vector.

Mitigation guidance from advisories includes updating to fcgi2 version 2.4.5, as indicated in the project's GitHub release. Additional details are available in the GitHub issue tracker, OSS-security mailing list announcement, Synacktiv's exploitation publication, and Debian LTS security advisory, which address patching for affected distributions.

Details

CWE(s)
CWE-190

Affected Products

Synacktiv
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2025-24156Shared CWE-190
CVE-2026-0031Shared CWE-190
CVE-2026-0861Shared CWE-190
CVE-2026-37540Shared CWE-190
CVE-2025-33218Shared CWE-190
CVE-2026-21385Shared CWE-190
CVE-2025-0587Shared CWE-190
CVE-2026-31648Shared CWE-190
CVE-2024-40635Shared CWE-190
CVE-2025-33219Shared CWE-190

References