CVE-2025-50681

7.5 HIGH

📋 TL;DR

CVE-2025-50681 is a remote denial-of-service vulnerability in igmpproxy versions before commit 2b30c36. Attackers can crash the application by sending a crafted IGMPv3 membership report packet with a malicious source address, triggering a NULL pointer dereference. This affects embedded networking devices and consumer IoT products like home routers and media gateways that use igmpproxy for multicast traffic handling.

💻 Affected Systems

Products:
  • igmpproxy
Versions: All versions before commit 2b30c36 (specifically version 0.4 and earlier)
Operating Systems: Linux-based systems, Embedded OS in routers and IoT devices
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where igmpproxy is running and configured to handle IGMP traffic. Common in home routers, media gateways, and embedded networking equipment.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete denial of multicast services (IPTV, streaming) on affected devices, requiring manual restart of igmpproxy or device reboot.

🟠 Likely Case: Temporary disruption of multicast-dependent services until igmpproxy restarts or device reboots.

🟢 If Mitigated: Minimal impact if patched or workarounds implemented; isolated to multicast service disruption.

🌐 Internet-Facing: LOW - Exploitation requires sending IGMP packets to the vulnerable host, typically not exposed directly to the internet.
🏢 Internal Only: MEDIUM - Attackers on the local network can exploit this to disrupt multicast services on vulnerable devices.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending a single malformed IGMPv3 packet to the vulnerable host. Proof-of-concept details are available in public references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit 2b30c36 or later

Vendor Advisory: https://github.com/pali/igmpproxy/issues/97

Restart Required: Yes

Instructions:

1. Update igmpproxy to a version that includes commit 2b30c36 or later.
2. Recompile from source if using custom builds.
3. Restart the igmpproxy service or reboot the device.

🔧 Temporary Workarounds

Disable igmpproxy if not needed

linux

Stop and disable the igmpproxy service if multicast functionality is not required.

systemctl stop igmpproxy
systemctl disable igmpproxy

Network filtering

linux

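Block IGMPv3 membership report packets at network boundaries using firewall rules. iptables has no IGMP type option, so the rule below matches the IGMP type byte (0x22 for an IGMPv3 membership report) with the u32 match module. Legitimate IGMPv3 reports are dropped as well, so hosts behind the filter can no longer join groups with IGMPv3.

# Skip the IP header (IHL * 4 bytes), then compare the first payload byte (IGMP type) with 0x22
iptables -A INPUT -p igmp -m u32 --u32 "0>>22&0x3C@0>>24=0x22" -j DROP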

🧯 If You Can't Patch

  • Implement network segmentation to isolate vulnerable devices from untrusted networks.
  • Monitor for crash events in system logs and set up alerts for igmpproxy service restarts.

🔍 How to Verify

Check if Vulnerable:

Check igmpproxy version: the help text printed by 'igmpproxy -h' ends with the version string ('-v' only raises log verbosity), or examine source code for commit 2b30c36 presence.

Check Version:

igmpproxy -h 2>&1 | tail -n 1

Verify Fix Applied:

Verify igmpproxy version is after commit 2b30c36 and test with known exploit packets if possible.

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault or crash messages in system logs related to igmpproxy
  • Unexpected igmpproxy service restarts

Network Indicators:

  • IGMPv3 membership report packets with unusual source addresses
  • Sudden drop in multicast traffic

SIEM Query:

source="syslog" AND ("igmpproxy" AND ("segmentation fault" OR "crash" OR "SIGSEGV"))
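
The log indicators above, turned into a triage script for hosts without a SIEM (an added example, not part of the original advisory or the igmpproxy project). The function names and sample lines are constructed, and it assumes x86-style kernel "segfault at" messages and systemd unit messages, which differ on other platforms.

```sh
#!/bin/sh
# Added example: count igmpproxy crash indicators in syslog text read from stdin.
# Assumes x86-style kernel "segfault at" lines and systemd unit messages.

igmpproxy_crash_summary() {
    awk '
        # Kernel fault report naming the daemon.
        /igmpproxy\[[0-9]+\]: segfault at / {
            segv++
            # Fault address below 0x1000 (one to three hex digits): NULL dereference pattern.
            if ($0 ~ /segfault at [0-9a-f][0-9a-f]?[0-9a-f]? /) nullpage++
        }
        # systemd view of the same crash, and the restart it schedules.
        /igmpproxy\.service: Main process exited/ && $0 ~ "status=11/SEGV" { killed++ }
        /igmpproxy\.service: Scheduled restart job/ { restarts++ }
        END {
            alert = (segv + killed > 0) ? "yes" : "no"
            printf "segv=%d nullpage=%d killed=%d restarts=%d alert=%s\n",
                segv, nullpage, killed, restarts, alert
        }
    '
}

# Constructed sample log (hostname, PIDs and addresses are made up).
sample_log() {
    cat <<'EOF'
Jul 14 09:12:01 gw igmpproxy[812]: started
Jul 14 09:15:44 gw kernel: igmpproxy[812]: segfault at 0 ip 0000000000403a10 sp 00007ffc22220000 error 4 in igmpproxy[400000+c000]
Jul 14 09:15:44 gw systemd[1]: igmpproxy.service: Main process exited, code=killed, status=11/SEGV
Jul 14 09:15:49 gw systemd[1]: igmpproxy.service: Scheduled restart job, restart counter is at 1.
Jul 14 09:16:30 gw kernel: igmpproxy[977]: segfault at 18 ip 0000000000403a10 sp 00007ffc33330000 error 4 in igmpproxy[400000+c000]
Jul 14 09:16:30 gw systemd[1]: igmpproxy.service: Main process exited, code=killed, status=11/SEGV
Jul 14 09:20:00 gw kernel: dnsmasq[300]: segfault at 10 ip 00005555aaaa0000 sp 00007ffc11110000 error 4 in dnsmasq[5555aaa00000+40000]
EOF
}

sample_log | igmpproxy_crash_summary
```

On a live host, feed it the real log instead of the sample, for example `journalctl --since today | igmpproxy_crash_summary`; repeated low-address faults shortly after each restart are the pattern worth alerting on.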
