CVE-2025-50518 – A use-after-free vulnerability in libcoap's coa... (How to Fix)

Q: What is the severity of CVE-2025-50518?

CVE-2025-50518 has a CVSS score of 9.8 (CRITICAL). A use-after-free vulnerability in libcoap's coap_delete_pdu_lkd function allows memory corruption when applications misuse the library. This could lead to arbitrary code execution or crashes. Only applications using libcoap incorrectly are affected, as the supplier disputes this is a library vulnerability.

📋 TL;DR

A use-after-free vulnerability in libcoap's coap_delete_pdu_lkd function allows memory corruption when applications misuse the library. This could lead to arbitrary code execution or crashes. Only applications using libcoap incorrectly are affected, as the supplier disputes this is a library vulnerability.

💻 Affected Systems

Products:

libcoap

Versions: All versions prior to proper application usage

Operating Systems: All platforms running libcoap

Default Config Vulnerable: ✅ No

Notes: Vulnerability only manifests when applications misuse libcoap APIs. Supplier disputes this is a library vulnerability.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise if exploited successfully.

🟠

Likely Case

Application crashes or denial of service due to memory corruption.

🟢

If Mitigated

No impact if applications use libcoap correctly per documentation.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires specific application misuse patterns and memory manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: https://github.com/obgm/libcoap/issues/1724

Restart Required: No

Instructions:

Ensure applications use libcoap APIs correctly per documentation. Review application code for proper PDU handling.

🔧 Temporary Workarounds

Application Code Review

all

Audit application code for proper use of coap_delete_pdu_lkd and related functions

Review application source code for libcoap API usage patterns

🧯 If You Can't Patch

Isolate affected applications in restricted network segments
Implement strict input validation and memory usage monitoring

🔍 How to Verify

Check if Vulnerable:

Review application source code for improper coap_delete_pdu_lkd usage patterns

Check Version:

Check libcoap version with: pkg-config --modversion libcoap-3

Verify Fix Applied:

Code review confirms proper PDU lifecycle management

📡 Detection & Monitoring

Log Indicators:

Application crashes with memory corruption errors
Segmentation faults in libcoap processes

Network Indicators:

Unusual CoAP traffic patterns triggering memory issues

SIEM Query:

Process crashes with libcoap in stack trace

📊 Metadata

CVE ID: CVE-2025-50518

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

EPSS Score: 0.08% exploit probability (23.2th percentile)

Published: August 14, 2025

Last Updated: September 11, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-50518, you might also want to check these: