CVE-2025-34468
Published: 31 December 2025
Summary
CVE-2025-34468 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Libcoap Libcoap. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 38.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires identifying, reporting, and remediating the stack-based buffer overflow flaw in libcoap by applying the vendor patch from commit 30db3ea.
Restricts system to least functionality by disabling unnecessary proxy logic in libcoap applications, preventing the vulnerable address resolution code path from being triggered.
Mandates validation of attacker-controlled hostname inputs with bounds checking before processing in libcoap's address resolution, directly countering the lack of bounds checking that causes the buffer overflow.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in libcoap's public-facing proxy/address resolution enables remote unauthenticated exploitation for DoS or potential RCE on affected applications.
NVD Description
libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger…
more
a crash and potentially achieve remote code execution depending on compiler options and runtime memory protections. Exploitation requires the proxy logic to be enabled (i.e., the proxy request handling code path in an application using libcoap).
Deeper analysisAI
CVE-2025-34468 is a stack-based buffer overflow vulnerability in the libcoap library, affecting versions up to and including 4.3.5 prior to commit 30db3ea. The flaw occurs in the address resolution functionality, where attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking, leading to CWE-121 (Stack-based Buffer Overflow) and CWE-787 (Out-of-bounds Write) conditions. Applications using libcoap with the proxy logic enabled are susceptible, as exploitation requires triggering the proxy request handling code path.
A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity, as indicated by its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). By supplying malicious hostname data, the attacker can cause a denial-of-service crash or, depending on compiler options and runtime memory protections, potentially achieve remote code execution.
Mitigation involves updating to libcoap versions incorporating commit 30db3ea, available via the project's GitHub repository (https://github.com/obgm/libcoap/commit/30db3ea) and associated pull request (https://github.com/obgm/libcoap/pull/1737). Additional details are provided in the official libcoap site (https://libcoap.net/) and VulnCheck advisory (https://www.vulncheck.com/advisories/libcoap-stack-based-buffer-overflow-in-address-resolution-dos-or-potential-rce), which recommend disabling proxy features if patching is not immediately feasible.
Details
- CWE(s)