PT-2025-38261 · Dragonfly · Dragonfly
Gaius-Qi · Published 2025-09-17 · Updated 2025-10-27
CVE-2025-59350
CVSS v4.0: 5.5 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
Name of the Vulnerable Software and Affected Versions
Dragonfly versions prior to 2.1.0
Description
The access control mechanism for the Proxy feature uses simple string comparisons and is vulnerable to timing attacks. An attacker may attempt to guess the password character by character by sending possible characters to the vulnerable mechanism and measuring the comparison instruction’s execution times. The vulnerable code performs a short-circuiting equality operation to compare the username and password. The potential impact of successful exploitation is currently undetermined.
Recommendations
Upgrade to version 2.1.0 or later.
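For reference, the short-circuiting comparison pattern the description refers to, next to a constant-time alternative built on Go's `crypto/subtle`. This is an added example, not Dragonfly's code or its actual fix; the function names and sample credentials are hypothetical.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// checkBasicAuthNaive shows the pattern the advisory describes: == on Go
// strings stops at the first differing byte, and && skips the password check
// when the username is wrong, so run time depends on the supplied input.
func checkBasicAuthNaive(gotUser, gotPass, wantUser, wantPass string) bool {
	return gotUser == wantUser && gotPass == wantPass
}

// checkBasicAuthConstantTime hashes every value to a fixed 32 bytes (so the
// secret's length is not exposed) and compares the digests with
// subtle.ConstantTimeCompare. Both comparisons always run, and the results
// are combined with a bitwise AND instead of a short-circuiting &&.
func checkBasicAuthConstantTime(gotUser, gotPass, wantUser, wantPass string) bool {
	gu, wu := sha256.Sum256([]byte(gotUser)), sha256.Sum256([]byte(wantUser))
	gp, wp := sha256.Sum256([]byte(gotPass)), sha256.Sum256([]byte(wantPass))
	userOK := subtle.ConstantTimeCompare(gu[:], wu[:])
	passOK := subtle.ConstantTimeCompare(gp[:], wp[:])
	return userOK&passOK == 1
}

func main() {
	// Constructed sample credentials, not taken from any real deployment.
	const wantUser, wantPass = "proxy-user", "constructed-sample-secret"
	cases := []struct{ user, pass string }{
		{"proxy-user", "constructed-sample-secret"}, // correct pair
		{"proxy-user", "constructed-sample-secreT"}, // last byte differs
		{"proxy-user", "c"},                         // correct prefix only
		{"other-user", "constructed-sample-secret"}, // wrong username
	}
	for _, c := range cases {
		naive := checkBasicAuthNaive(c.user, c.pass, wantUser, wantPass)
		safe := checkBasicAuthConstantTime(c.user, c.pass, wantUser, wantPass)
		fmt.Printf("user=%q pass=%q naive=%v constant-time=%v\n", c.user, c.pass, naive, safe)
	}
}
```

Both functions return the same accept or reject decision; only the second does a fixed amount of comparison work regardless of how much of the input matches.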
Affected Products
Dragonfly