CVE-2025-65497

4.3 MEDIUM

📋 TL;DR

A NULL pointer dereference in OISM libcoap's DTLS cookie generation function allows remote attackers to cause a denial of service. An attacker can trigger it by sending a crafted DTLS handshake that causes SSL_get_SSL_CTX() to return NULL. Systems using libcoap 4.3.5 with DTLS enabled are affected.

💻 Affected Systems

Products:
  • OISM libcoap
Versions: 4.3.5 specifically (check if earlier versions are affected)
Operating Systems: All platforms where libcoap is compiled with OpenSSL/DTLS support
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when compiled with DTLS support (COAP_DTLS_SUPPORT) and using OpenSSL backend. Requires DTLS to be enabled and accessible.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete service disruption of the libcoap application, requiring a restart of affected services.
🟠 Likely Case: Service crash or hang affecting CoAP/DTLS functionality, potentially disrupting IoT or constrained-device communications.
🟢 If Mitigated: Minimal impact if proper input validation and error handling are implemented at the application layer.

🌐 Internet-Facing: MEDIUM - Requires DTLS handshake and specific conditions, but unauthenticated remote exploitation is possible.
🏢 Internal Only: LOW - Internal attackers would need network access to CoAP/DTLS services and specific knowledge of the vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specifically crafted DTLS handshake packets to trigger the NULL pointer condition. No authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in libcoap 4.3.6 and later

Vendor Advisory: https://github.com/obgm/libcoap/issues/1745

Restart Required: Yes

Instructions:

1. Update libcoap to version 4.3.6 or later.
2. Recompile applications using libcoap.
3. Restart affected services using libcoap.

🔧 Temporary Workarounds

Disable DTLS support (platform: all)

Compile libcoap without DTLS support if it is not required:

  ./configure --disable-dtls
  make clean && make

Network filtering (platform: linux)

Block or restrict access to CoAP/DTLS ports (typically 5684/udp):

  iptables -A INPUT -p udp --dport 5684 -j DROP

🧯 If You Can't Patch

  • Implement network segmentation to isolate CoAP/DTLS services from untrusted networks
  • Deploy application-level monitoring and automatic restart mechanisms for crash recovery

🔍 How to Verify

Check if Vulnerable:

Check the installed libcoap version:

  dpkg -l | grep libcoap
  rpm -qa | grep libcoap

If the version is 4.3.5 and the library was compiled with DTLS support, the system is vulnerable.

Check Version:

pkg-config --modversion libcoap-3 || coap-client --version 2>/dev/null | head -1

Verify Fix Applied:

Verify that the libcoap version is 4.3.6 or later, and test that DTLS functionality remains operational after the patch.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation fault in coap_dtls_generate_cookie
  • Unexpected termination of CoAP services
  • Error logs mentioning SSL_get_SSL_CTX failure

Network Indicators:

  • Unusual DTLS handshake patterns to port 5684/udp
  • Multiple failed DTLS connections from single source

SIEM Query:

source="application.logs" AND ("segmentation fault" OR "coap_dtls_generate_cookie" OR "libcoap crash")
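The log and network indicators above can be turned into a small log scanner. The following Python script is an added example, not code from the libcoap project or from this advisory: it applies the indicator strings from the log section and the SIEM query to a set of constructed sample log lines, adds the wording the Linux kernel ("segfault at") and systemd ("status=11/SEGV") actually use when a process dies of SIGSEGV, and counts failed DTLS handshakes per source address to surface the "multiple failed connections from a single source" pattern. The failed-handshake line format and the alert threshold of three are assumptions of the example; adapt the regular expressions to your own service's log format.

```python
"""Scan CoAP/DTLS service logs for the crash and handshake indicators
listed for CVE-2025-65497.

Added example, not libcoap's code. The log line format below is
constructed for illustration; adjust the regular expressions for
your own logging format.
"""
import re
from collections import Counter

# Constructed sample log lines (not captured from a real system).
SAMPLE_LOGS = """\
2025-11-20T10:00:01Z coapd[1234]: DTLS handshake from 203.0.113.5:40001 failed
2025-11-20T10:00:02Z coapd[1234]: DTLS handshake from 203.0.113.5:40002 failed
2025-11-20T10:00:02Z coapd[1234]: DTLS handshake from 203.0.113.5:40003 failed
2025-11-20T10:00:03Z coapd[1234]: SSL_get_SSL_CTX failure in coap_dtls_generate_cookie
2025-11-20T10:00:03Z kernel: coapd[1234]: segfault at 0 ip 00007f1e2c3d4e5f sp 00007ffd1a2b3c4d error 4 in libcoap-3-openssl.so
2025-11-20T10:00:04Z systemd[1]: coapd.service: Main process exited, code=killed, status=11/SEGV
2025-11-20T10:00:05Z coapd[1235]: DTLS handshake from 198.51.100.7:50000 ok
"""

# Crash indicators from the advisory's log section and SIEM query, plus the
# wording the Linux kernel ("segfault at") and systemd ("status=11/SEGV")
# use when a process is killed by SIGSEGV.
CRASH_PATTERNS = {
    "segfault": re.compile(r"segmentation fault|segfault at|status=11/SEGV", re.I),
    "cookie_function": re.compile(r"coap_dtls_generate_cookie"),
    "ssl_ctx_null": re.compile(r"SSL_get_SSL_CTX"),
    "generic_crash": re.compile(r"libcoap crash", re.I),
}

# The failed-handshake line format is an assumption of this example.
FAILED_HANDSHAKE = re.compile(
    r"DTLS handshake from (?P<src>\d{1,3}(?:\.\d{1,3}){3}):\d+ failed"
)


def find_crash_indicators(lines):
    """Return (line_number, [indicator names], line) for each matching line."""
    hits = []
    for n, line in enumerate(lines, start=1):
        matched = [name for name, rx in CRASH_PATTERNS.items() if rx.search(line)]
        if matched:
            hits.append((n, matched, line))
    return hits


def failed_handshakes_by_source(lines, threshold=3):
    """Count failed DTLS handshakes per source IP; return sources at or above threshold."""
    counts = Counter()
    for line in lines:
        m = FAILED_HANDSHAKE.search(line)
        if m:
            counts[m.group("src")] += 1
    return {src: c for src, c in counts.items() if c >= threshold}


def analyze(text, threshold=3):
    """Combine both checks into a single report."""
    lines = text.splitlines()
    crashes = find_crash_indicators(lines)
    noisy = failed_handshakes_by_source(lines, threshold)
    return {
        "crash_lines": [n for n, _, _ in crashes],
        "indicators": sorted({name for _, names, _ in crashes for name in names}),
        "suspicious_sources": noisy,
        "alert": bool(crashes) or bool(noisy),
    }


if __name__ == "__main__":
    for n, names, line in find_crash_indicators(SAMPLE_LOGS.splitlines()):
        print(f"line {n}: {', '.join(names)}: {line}")
    print(analyze(SAMPLE_LOGS))
```

Run against the sample, the scanner flags lines 4 to 6 as crash evidence (the SSL_get_SSL_CTX failure inside coap_dtls_generate_cookie, the kernel segfault record, and the systemd SIGSEGV exit) and reports 203.0.113.5 as a source with three failed handshakes; the successful handshake from 198.51.100.7 is not counted. Feed it the output of the SIEM query, or a journal export, rather than the constructed sample when using it for real.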
