CVE-2025-4444

CVSS v4.0

6.3

Medium

Vector

AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions Tor versions 0.4.7.16 through 0.4.8.17

Description A security flaw exists in Tor within the Onion Service Descriptor Handler component. Manipulation of this component can lead to resource consumption. The issue is potentially exploitable remotely and is considered difficult to exploit.

Recommendations Upgrade to version 0.4.8.18. Upgrade to version 0.4.9.3-alpha.

Fix

Resource Exhaustion

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-404

Related Identifiers

CVE-2025-4444

OPENSUSE-SU-2025:15571-1

Affected Products

Debian

Tor

CVE-2025-4444

Weakness Enumeration

Related Identifiers

Affected Products

References · 16