{"id":"CVE-2025-51495","details":"An integer overflow vulnerability exists in the WebSocket component of Mongoose 7.5 thru 7.17. By sending a specially crafted WebSocket request, an attacker can cause the application to crash. If downstream vendors integrate this component improperly, the issue may lead to a buffer overflow.","modified":"2026-04-10T05:29:20.619938Z","published":"2025-09-29T17:15:31.153Z","references":[{"type":"FIX","url":"https://github.com/cesanta/mongoose/pull/3131"},{"type":"PACKAGE","url":"https://github.com/cesanta/mongoose"},{"type":"EVIDENCE","url":"https://github.com/cainiao159357/CVE-2025-51495"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cesanta/mongoose","events":[{"introduced":"9d38e26b817b6b151fd925e9a8420a46c99a8375"},{"last_affected":"0a86bc0af22173b8c952c11551a067fd6f843d83"}],"database_specific":{"versions":[{"introduced":"7.5"},{"last_affected":"7.17"}]}}],"versions":["7.11","7.12","7.13","7.14","7.15","7.16","7.17","7.5","7.6","7.7","7.8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-51495.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}