CVE-2025-52570

Name of the Vulnerable Software and Affected Versions: Letmein versions prior to 10.2.1

Description: The connection limiter in Letmein is implemented incorrectly, allowing an arbitrary amount of simultaneously incoming connections for the services letmeind and letmeinfwd. This makes the command line option num-connections ineffective, and it does not limit the number of simultaneously incoming connections. The issue can lead to a Possible Denial Of Service by resource exhaustion.

Recommendations: For versions prior to 10.2.1, upgrade to version 10.2.1 to resolve the issue. As a temporary workaround, consider limiting the number of active connections to the letmeind port via firewall or restricting the resource consumption of the service with a service manager such as systemd.