CVE-2025-63652

7.5 HIGH

📋 TL;DR

A use-after-free vulnerability in Monkey web server's HTTP request handling allows attackers to crash the server by sending a specially crafted HTTP request. This affects all systems running vulnerable versions of Monkey web server, potentially causing service disruption.

💻 Affected Systems

Products:
  • Monkey web server
Versions: Up to and including commit f37e984
Operating Systems: All platforms running Monkey web server
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations using the vulnerable HTTP request handling are affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete denial of service with server crash and potential memory corruption leading to remote code execution in specific conditions.

🟠 Likely Case: Server crash and service disruption requiring manual restart, causing downtime for hosted applications.

🟢 If Mitigated: Limited impact with proper network segmentation and monitoring allowing quick detection and recovery.

🌐 Internet-Facing: HIGH - Directly exploitable via HTTP requests without authentication.
🏢 Internal Only: MEDIUM - Still exploitable by internal attackers but requires network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending a crafted HTTP request to trigger the use-after-free condition.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after commit f37e984

Vendor Advisory: https://github.com/monkey/monkey/issues/426

Restart Required: Yes

Instructions:

1. Update Monkey web server to the latest version.
2. Check GitHub for patched commits.
3. Restart the Monkey service after the update.

🔧 Temporary Workarounds

Network filtering
  Applies to: all
  Block or filter suspicious HTTP requests at the network perimeter

Load balancer protection
  Applies to: all
  Configure the load balancer to drop malformed HTTP requests

🧯 If You Can't Patch

  • Implement strict network segmentation to limit access to Monkey servers
  • Deploy WAF with rules to detect and block exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check the Monkey version or commit hash against the vulnerable range (up to and including f37e984)

Check Version:

monkey --version or check commit hash in source

Verify Fix Applied:

Confirm the deployed build is from a commit after f37e984 and test with known exploit attempts

📡 Detection & Monitoring

Log Indicators:

  • Server crash logs
  • Abnormal termination of Monkey process
  • Memory error messages in system logs

Network Indicators:

  • Malformed HTTP requests causing server crashes
  • Repeated connection attempts to trigger vulnerability

SIEM Query:

source="monkey.log" AND ("crash" OR "segmentation fault" OR "use-after-free")
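The log indicators and SIEM query above can be turned into a small host-side detector. The following is an added example, not part of this advisory or of the Monkey project: it scans constructed sample log lines (the lines are made up for this example and are not real Monkey or systemd output) for the three indicator classes listed above, tallies them by category, and flags a burst of crash-related events inside a rolling time window, which is the pattern a repeatedly triggered use-after-free crash would leave behind. The systemd and AddressSanitizer phrasings in the patterns are assumptions about common log sources; only the terms "crash", "segmentation fault" and "use-after-free" come from the SIEM query on this page.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed sample log lines (not real Monkey or systemd output). They cover
# the indicator classes listed in this advisory: crash messages, abnormal
# termination of the Monkey process, and memory error messages (here from an
# assumed AddressSanitizer build of the server).
SAMPLE_LOGS = [
    "2025-01-10T12:00:01Z monkey[1203]: [INFO] Monkey HTTP Server started",
    "2025-01-10T12:00:05Z monkey[1203]: [INFO] GET /index.html 200",
    "2025-01-10T12:00:09Z kernel: monkey[1203]: segfault at 0 ip 00007f3e2a1c4b10 error 4",
    "2025-01-10T12:00:09Z systemd[1]: monkey.service: Main process exited, code=killed, status=11/SEGV",
    "2025-01-10T12:00:10Z systemd[1]: monkey.service: Failed with result 'signal'.",
    "2025-01-10T12:00:11Z systemd[1]: monkey.service: Scheduled restart job, restart counter is at 1.",
    "2025-01-10T12:01:30Z monkey[1250]: ==1250==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000010",
    "2025-01-10T12:01:31Z systemd[1]: monkey.service: Main process exited, code=exited, status=1/FAILURE",
]

# Indicator patterns, checked in order (first match wins). "crash",
# "segmentation fault" and "use-after-free" mirror the SIEM query above; the
# systemd and sanitizer phrasings are assumptions about typical log sources.
PATTERNS = [
    ("memory_error", re.compile(r"use-after-free|AddressSanitizer|double free|invalid (?:read|write)", re.I)),
    ("crash", re.compile(r"segfault|segmentation fault|status=\d+/SEGV|core dumped|\bcrash", re.I)),
    ("abnormal_termination", re.compile(r"Main process exited, code=\w+, status=(?!0/SUCCESS)|Failed with result", re.I)),
]


@dataclass
class Finding:
    timestamp: datetime
    category: str
    line: str


def parse_timestamp(line: str) -> datetime:
    """Parse the leading ISO-8601 timestamp; 'Z' is normalised for older Pythons."""
    stamp = line.split(" ", 1)[0]
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def classify(line: str) -> Optional[str]:
    """Return the indicator category for a line, or None if it is benign."""
    for category, pattern in PATTERNS:
        if pattern.search(line):
            return category
    return None


def scan(lines: List[str]) -> List[Finding]:
    """Collect every line that matches an indicator, with its timestamp."""
    findings = []
    for line in lines:
        category = classify(line)
        if category:
            findings.append(Finding(parse_timestamp(line), category, line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category, e.g. {'crash': 2, ...}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


def crash_burst(findings: List[Finding], window_seconds: int = 120, threshold: int = 2) -> bool:
    """True if at least `threshold` findings fall inside any rolling window.

    A single crash may be an unrelated bug; several within a short window is
    the signature of a request-triggered fault being hit repeatedly.
    """
    times = sorted(f.timestamp for f in findings)
    window = timedelta(seconds=window_seconds)
    start = 0
    for end in range(len(times)):
        while times[end] - times[start] > window:
            start += 1
        if end - start + 1 >= threshold:
            return True
    return False


if __name__ == "__main__":
    found = scan(SAMPLE_LOGS)
    for f in found:
        print(f"{f.timestamp.isoformat()}  {f.category:<21} {f.line}")
    print("summary:", summarize(found))
    print("crash burst within 120s:", crash_burst(found))
```

In a real deployment the same functions would be fed from the journal or syslog rather than the constructed list; the burst threshold and window should be tuned to the host's normal restart behaviour so that a single unrelated crash does not page anyone while a string of crashes does.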
