Main Vulnerability Database Vulnerabilities #VU113835

#VU113835 Off-by-one in iperf - CVE-2025-54349

Published: August 12, 2025

Vulnerability identifier: #VU113835

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2025-54349

CWE-ID: CWE-193

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
iperf

Software vendor:
ESnet

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an off-by-one error in iperf_auth.c. A remote attacker can trigger an off-by-one error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://github.com/esnet/iperf/commit/4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf
https://github.com/esnet/iperf/releases/tag/3.19.1

#VU113835 Off-by-one in iperf - CVE-2025-54349

Description

Remediation

External links

Please verify you're human