Cyber Resilience

CVE-2025-34468

Severity: High · Public PoC available

Published: 31 December 2025
Modified: 14 January 2026
KEV Added: not listed
Patch: available (commit 30db3ea, see Deeper analysis)
CVSS Score (v4): 8.2 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0064 (45.8th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2025-34468 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in libcoap. Its CVSS base score is 8.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 45.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-34468 is a stack-based buffer overflow vulnerability in the libcoap library, affecting versions up to and including 4.3.5 prior to commit 30db3ea. The flaw occurs in the address resolution functionality, where attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking, leading to CWE-121 (Stack-based Buffer Overflow) and CWE-787 (Out-of-bounds Write) conditions. Applications using libcoap with the proxy logic enabled are susceptible, as exploitation requires triggering the proxy request handling code path.
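The copy pattern described above, as an added C illustration that is not libcoap's own code and does not reproduce its address-resolution routine: a length-delimited host component taken from a proxy request lands in a fixed 256-byte stack buffer, first in the unchecked form the advisory describes, then with the fit check the fix requires. The buffer name, function names and the hostnames are assumptions constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative size matching the fixed 256-byte stack buffer the advisory
 * names; libcoap's real declarations are not reproduced here. */
#define HOST_BUF_SZ 256

/* The unchecked pattern (contrast only; never called with an oversized
 * host_len in this example): the copy trusts a length taken from the message. */
void copy_host_unchecked(char *dst, const char *host, size_t host_len) {
    memcpy(dst, host, host_len);   /* writes past dst when host_len > HOST_BUF_SZ - 1 */
    dst[host_len] = '\0';
}

/* Hardened form: verify the fit, including the terminator, before writing.
 * Returns 0 on success and -1 when the name must be rejected. */
int copy_host_bounded(char *dst, size_t dst_sz, const char *host, size_t host_len) {
    if (dst == NULL || host == NULL || dst_sz == 0 || host_len >= dst_sz)
        return -1;
    memcpy(dst, host, host_len);
    dst[host_len] = '\0';
    return 0;
}

/* Stand-in for the proxy-request step that lands the host component in a
 * stack buffer before resolving it. Returns 1 when resolution may proceed,
 * 0 when the request is dropped as malformed. A textual DNS name is at most
 * 253 characters, so rejecting anything that does not fit loses no valid host. */
int prepare_proxy_host(const char *host, size_t host_len) {
    char stack_buf[HOST_BUF_SZ];
    if (copy_host_bounded(stack_buf, sizeof stack_buf, host, host_len) != 0)
        return 0;
    /* the resolver (e.g. getaddrinfo) would be called on stack_buf here */
    return 1;
}

/* Check helper: a constructed hostname of n 'a' characters (not real data). */
int constructed_host_fits(size_t n) {
    static char name[1024];
    if (n >= sizeof name) return -1;
    memset(name, 'a', n);
    name[n] = '\0';
    return prepare_proxy_host(name, n);
}

int main(void) {
    printf("16-char host accepted:  %d\n", prepare_proxy_host("coap.example.org", 16));
    printf("255-char host accepted: %d\n", constructed_host_fits(255));
    printf("256-char host accepted: %d\n", constructed_host_fits(256));
    return 0;
}
```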

A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity, as indicated by its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). By supplying malicious hostname data, the attacker can cause a denial-of-service crash or, depending on compiler options and runtime memory protections, potentially achieve remote code execution.

Mitigation involves updating to a libcoap version that incorporates commit 30db3ea, available via the project's GitHub repository (https://github.com/obgm/libcoap/commit/30db3ea) and the associated pull request (https://github.com/obgm/libcoap/pull/1737). Additional details are provided on the official libcoap site (https://libcoap.net/) and in the VulnCheck advisory (https://www.vulncheck.com/advisories/libcoap-stack-based-buffer-overflow-in-address-resolution-dos-or-potential-rce), which recommend disabling proxy features if patching is not immediately feasible.

Vulnerability details

libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentially achieve remote code execution depending on compiler options and runtime memory protections. Exploitation requires the proxy logic to be enabled (i.e., the proxy request handling code path in an application using libcoap).

CWE(s): CWE-121 (Stack-based Buffer Overflow), CWE-787 (Out-of-bounds Write)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-derived)

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Stack-based buffer overflow in libcoap's public-facing proxy/address resolution enables remote unauthenticated exploitation for DoS or potential RCE on affected applications.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-2263 (shared CWE-121, CWE-787)
CVE-2025-70237 (shared CWE-121, CWE-787)
CVE-2025-54820 (shared CWE-121, CWE-787)
CVE-2025-70234 (shared CWE-121, CWE-787)
CVE-2025-0282 (shared CWE-121, CWE-787)
CVE-2025-70245 (shared CWE-121, CWE-787)
CVE-2025-70239 (shared CWE-121, CWE-787)
CVE-2023-54334 (shared CWE-121, CWE-787)
CVE-2025-66047 (shared CWE-121, CWE-787)
CVE-2026-24497 (shared CWE-121, CWE-787)

Affected Assets

libcoap ≤ 4.3.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-derived)

prevent: Directly requires identifying, reporting, and remediating the stack-based buffer overflow flaw in libcoap by applying the vendor patch from commit 30db3ea.

prevent (CM-7, Least Functionality): Restricts the system to least functionality by disabling unnecessary proxy logic in libcoap applications, preventing the vulnerable address resolution code path from being triggered.

prevent (SI-10, Information Input Validation): Mandates validation of attacker-controlled hostname inputs with bounds checking before processing in libcoap's address resolution, directly countering the missing bounds check that causes the buffer overflow.