CVE-2025-50518
Published: 14 August 2025
Summary
CVE-2025-50518 is a critical-severity Use After Free (CWE-416) vulnerability. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 33.1st percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
SI-16 implements memory protection controls like ASLR and non-executable memory that directly mitigate use-after-free exploitation in libcoap's coap_delete_pdu_lkd function.
SI-2 requires timely flaw remediation, including patching or updating the vulnerable libcoap library to eliminate the use-after-free vulnerability.
RA-5 vulnerability scanning detects deployed instances of vulnerable libcoap versions affected by CVE-2025-50518 for prioritized remediation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Use-after-free enables remote memory corruption/RCE in libcoap (CoAP protocol handler), directly facilitating exploitation of public-facing apps or remote services.
NVD Description
A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. This issue occurs due to improper handling of memory after the freeing of a PDU object, leading to potential memory corruption or the possibility of executing arbitrary code. NOTE: this is disputed by the Supplier because it only occurs when an application uses libcoap incorrectly.
Deeper analysis
CVE-2025-50518 is a use-after-free vulnerability in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. The flaw arises from improper handling of memory after freeing a PDU object, which can lead to memory corruption or arbitrary code execution. The vulnerability is assigned CWE-416 and carries a CVSS v3.1 base score of 9.8, indicating critical severity.
The vulnerability can be exploited remotely over the network with low complexity, requiring no privileges, no user interaction, and no special scoping conditions. An attacker could potentially achieve high impacts on confidentiality, integrity, and availability through memory corruption or code execution. However, the supplier disputes the issue, stating it only occurs when an application uses libcoap incorrectly.
References, including GitHub issues in the obgm/libcoap repository and a related blog post, discuss the vulnerability in the context of libcoap development. The supplier's position in these discussions emphasizes that proper application usage avoids triggering the flaw, with no specific patches or mitigations detailed beyond correct implementation guidance.
Details
- CWE(s)