PT-2025-17733 · Trpc · Trpc
Lukechilds · Published 2025-04-24 · Updated 2025-04-24 · CVE-2025-43855
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
tRPC versions 11.0.0 through 11.1.0
Description
The issue allows any unauthenticated user to crash a tRPC 11 WebSocket server by sending invalid connectionParams, which causes an unhandled error to be thrown during validation. This affects tRPC 11 servers with WebSocket enabled and a createContext method set.
Recommendations
For versions 11.0.0 through 11.1.0, update to version 11.1.1 to resolve the issue.
DoS
Related Identifiers
Affected Products
Trpc