Cyber Resilience

CVE-2025-63658

HighPublic PoC

Published: 29 January 2026

Published
29 January 2026
Modified
13 February 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0041 61.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-63658 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Monkey-Project Monkey. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked in the top 38.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-63658 is a stack overflow vulnerability in the mk_http_index_lookup function within mk_server/mk_http.c of the Monkey HTTP server at commit f37e984. Published on 2026-01-29, it is classified under CWE-121 (Stack-based Buffer Overflow) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). The flaw affects instances of Monkey running the specified commit, enabling attackers to trigger a Denial of Service (DoS) through a crafted HTTP request.

Remote, unauthenticated attackers can exploit this vulnerability over the network with low complexity and no user interaction required. By sending a specially crafted HTTP request to the server, attackers can cause a stack overflow, leading to server crashes and high-impact availability disruption, while confidentiality and integrity remain unaffected.

Mitigation details are available in the referenced advisories, including the Archer Security advisory at https://github.com/archersec/security-advisories/blob/master/monkey/monkey-advisory-2025.md and the Monkey GitHub issue at https://github.com/monkey/monkey/issues/427.

EU & UK References

Vulnerability details

A stack overflow in the mk_http_index_lookup function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Stack buffer overflow in public HTTP server directly enables application-layer DoS via crafted request (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-63652Same product: Monkey-Project Monkey
CVE-2025-63653Same product: Monkey-Project Monkey
CVE-2025-63650Same product: Monkey-Project Monkey
CVE-2025-63655Same product: Monkey-Project Monkey
CVE-2025-63657Same product: Monkey-Project Monkey
CVE-2025-63649Same product: Monkey-Project Monkey
CVE-2025-63651Same product: Monkey-Project Monkey
CVE-2025-63656Same product: Monkey-Project Monkey
CVE-2020-37198Shared CWE-121
CVE-2019-25328Shared CWE-121

Affected Assets

monkey-project
monkey
≤ 1.8.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and correction of the stack overflow flaw in mk_http_index_lookup, directly remediating the Monkey HTTP server vulnerability.

prevent

Implements memory protections such as stack canaries and DEP to prevent exploitation of the stack-based buffer overflow from crafted HTTP requests.

prevent

Validates HTTP request inputs to block specially crafted requests that trigger the stack overflow in the mk_http_index_lookup function.

References