CVE-2025-63658
Published: 29 January 2026
Summary
CVE-2025-63658 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Monkey-Project Monkey. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks in the top 38.2% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2025-63658 is a stack overflow vulnerability in the mk_http_index_lookup function within mk_server/mk_http.c of the Monkey HTTP server at commit f37e984. Published on 2026-01-29, it is classified under CWE-121 (Stack-based Buffer Overflow) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). The flaw affects instances of Monkey running the specified commit, enabling attackers to trigger a Denial of Service (DoS) through a crafted HTTP request.
Remote, unauthenticated attackers can exploit this vulnerability over the network with low complexity and no user interaction required. By sending a specially crafted HTTP request to the server, attackers can cause a stack overflow, leading to server crashes and high-impact availability disruption, while confidentiality and integrity remain unaffected.
Mitigation details are available in the referenced advisories, including the Archer Security advisory at https://github.com/archersec/security-advisories/blob/master/monkey/monkey-advisory-2025.md and the Monkey GitHub issue at https://github.com/monkey/monkey/issues/427.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-206521
Vulnerability details
A stack overflow in the mk_http_index_lookup function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1499.004 (Application or System Exploitation)
Why these techniques?
A stack-based buffer overflow in a public-facing HTTP server directly enables application-layer DoS via a crafted request (T1499.004).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): requires timely identification, reporting, and correction of the stack overflow flaw in mk_http_index_lookup, directly remediating the Monkey HTTP server vulnerability.
- SI-16 (Memory Protection): implements memory protections such as stack canaries and DEP to limit exploitation of the stack-based buffer overflow triggered by crafted HTTP requests.
- SI-10 (Information Input Validation): validates HTTP request inputs to block specially crafted requests that trigger the stack overflow in the mk_http_index_lookup function.