In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow.

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Vendors Products
Es
  • Iperf3

Configuration 1 [-]

cpe:2.3:a:es:iperf3:*:*:*:*:*:*:*:*

No data.

References
Link Providers
https://github.com/esnet/iperf/commit/4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf cve-icon cve-icon cve-icon
https://github.com/esnet/iperf/releases/tag/3.19.1 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-54349 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-54349 cve-icon
History

Fri, 17 Oct 2025 20:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:iperf_project:iperf:*:*:*:*:*:*:*:* cpe:2.3:a:es:iperf3:*:*:*:*:*:*:*:*
Vendors & Products Iperf Project
Iperf Project iperf

Tue, 05 Aug 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Iperf Project
Iperf Project iperf
CPEs cpe:2.3:a:iperf_project:iperf:*:*:*:*:*:*:*:*
Vendors & Products Iperf Project
Iperf Project iperf

Tue, 05 Aug 2025 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Es
Es iperf3
Vendors & Products Es
Es iperf3

Mon, 04 Aug 2025 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 04 Aug 2025 12:15:00 +0000

Type Values Removed Values Added
Title iperf3: iperf Heap Buffer Overflow
References
Metrics threat_severity

None

 threat_severity

Moderate

Sun, 03 Aug 2025 01:30:00 +0000

Type Values Removed Values Added
Description In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow.
Weaknesses CWE-193
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L'}
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-08-03T00:00:00.000Z

Updated: 2025-08-04T13:10:50.498Z

Reserved: 2025-07-21T00:00:00.000Z

Link: CVE-2025-54349

cve-icon Vulnrichment

Updated: 2025-08-04T13:10:47.476Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-03T02:15:35.597

Modified: 2025-10-17T19:46:28.300

Link: CVE-2025-54349

cve-icon Redhat

Severity : Moderate

Publid Date: 2025-08-03T00:00:00Z

Links: CVE-2025-54349 - Bugzilla