CVE-2025-65500

4.3 MEDIUM

📋 TL;DR

A NULL pointer dereference vulnerability in OISM libcoap's DTLS cookie generation function allows remote attackers to cause denial of service. Attackers can trigger this by sending a crafted DTLS handshake that causes SSL_get_SSL_CTX() to return NULL. This affects systems using vulnerable versions of libcoap with DTLS enabled.

💻 Affected Systems

Products:
  • OISM libcoap
Versions: 4.3.5 (named specifically; check whether earlier versions are also affected)
Operating Systems: All platforms where libcoap is compiled with OpenSSL/DTLS support
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects configurations with DTLS enabled. Systems using CoAP without DTLS or with other TLS backends may not be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption of the affected CoAP/DTLS service, requiring restart of the application or service.

🟠 Likely Case

Service crash or hang affecting CoAP/DTLS functionality, potentially disrupting IoT or constrained device communications.

🟢 If Mitigated

Minimal impact if DTLS is disabled or if the service has automatic restart capabilities.

🌐 Internet-Facing: MEDIUM - Exploitable remotely but only causes DoS, not data compromise or system takeover.
🏢 Internal Only: LOW - Requires network access to CoAP/DTLS service, typically used in constrained environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending a crafted DTLS handshake packet to trigger the NULL pointer dereference.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in libcoap 4.3.6 and later

Vendor Advisory: https://github.com/obgm/libcoap/issues/1746

Restart Required: Yes

Instructions:

1. Update libcoap to version 4.3.6 or later.
2. Recompile applications using libcoap.
3. Restart affected services.

🔧 Temporary Workarounds

Disable DTLS (platform: all)

Disable DTLS support in the libcoap configuration if it is not required:

  • Recompile libcoap with the --disable-dtls configure option
  • Modify application code to not use coap_dtls_* functions

Network filtering (platform: linux)

Block or restrict access to CoAP/DTLS ports (typically 5684/udp). Both rules below drop all inbound traffic to the port, so add a source match where legitimate clients must keep working. The firewalld rich rule is scoped to the port rather than to all UDP traffic, and permanent rules only take effect after a reload:

  iptables -A INPUT -p udp --dport 5684 -j DROP
  firewall-cmd --permanent --add-rich-rule='rule family="ipv4" port port="5684" protocol="udp" drop'
  firewall-cmd --reload

🧯 If You Can't Patch

  • Implement network segmentation to isolate CoAP/DTLS services from untrusted networks
  • Deploy intrusion prevention systems (IPS) to detect and block crafted DTLS handshake attempts

🔍 How to Verify

Check if Vulnerable:

Check the libcoap version with dpkg -l | grep libcoap or rpm -qa | grep libcoap. If the version is 4.3.5 and DTLS is enabled, the system is vulnerable.

Check Version:

pkg-config --modversion libcoap-3 || coap-client --version 2>/dev/null | head -1

Verify Fix Applied:

Verify libcoap version is 4.3.6 or later and test DTLS functionality remains operational.
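As an added example for the version check above (not code from the advisory or the libcoap project): a POSIX sh script that compares the installed version against the fixed release field by field, so that 4.3.10 correctly ranks above 4.3.6, and uses libcoap's per-backend pkg-config module names (libcoap-3-openssl, libcoap-3-notls and so on, assumed here) to tell a DTLS build from a no-TLS build.

```sh
#!/bin/sh
# Added example (not advisory or libcoap project code): decide whether an installed
# libcoap needs the CVE-2025-65500 update. Versions are compared field by field so
# that 4.3.10 ranks above 4.3.6, which a plain string comparison gets wrong.
FIXED_VERSION="4.3.6"
# vercmp A B: prints -1, 0 or 1 for A<B, A=B, A>B over dotted numeric versions.
# Missing trailing fields count as 0 (4.3 equals 4.3.0). Uses globals (POSIX sh has no local).
vercmp() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ax="${a%%.*}"; bx="${b%%.*}"
    [ "$a" = "$ax" ] && a="" || a="${a#*.}"
    [ "$b" = "$bx" ] && b="" || b="${b#*.}"
    if [ "${ax:-0}" -lt "${bx:-0}" ]; then printf '%s\n' -1; return 0; fi
    if [ "${ax:-0}" -gt "${bx:-0}" ]; then printf '%s\n' 1; return 0; fi
  done
  printf '%s\n' 0
}
# libcoap_needs_update VERSION: exit 0 when VERSION predates the fixed release.
libcoap_needs_update() {
  [ "$(vercmp "$1" "$FIXED_VERSION")" -lt 0 ]
}
# dtls_build MODULE: exit 0 when the pkg-config module name denotes a TLS-capable
# build. Assumes libcoap's "libcoap-3-<backend>" naming, with "notls" meaning no DTLS.
dtls_build() {
  case "$1" in
    libcoap-3-notls) return 1 ;;
    libcoap-3-*)     return 0 ;;
    *)               return 1 ;;
  esac
}
# assess MODULE VERSION: prints a verdict; exit 0 only when the build is exposed.
assess() {
  if ! dtls_build "$1"; then
    echo "$1 $2: built without DTLS, this issue does not apply"; return 1
  fi
  if libcoap_needs_update "$2"; then
    echo "$1 $2: DTLS build below $FIXED_VERSION, update required"; return 0
  fi
  echo "$1 $2: at or above $FIXED_VERSION, fix present"; return 1
}
# installed_status: query the first libcoap-3 module pkg-config knows about.
installed_status() {
  for mod in libcoap-3-openssl libcoap-3-gnutls libcoap-3-mbedtls libcoap-3-tinydtls libcoap-3-notls; do
    if v="$(pkg-config --modversion "$mod" 2>/dev/null)"; then assess "$mod" "$v"; return $?; fi
  done
  echo "no libcoap-3 pkg-config module found"; return 1
}
```

Run installed_status on the host to get a verdict; its exit status is 0 only when a DTLS-capable build below 4.3.6 is found, which makes it usable from a fleet-wide audit job.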

📡 Detection & Monitoring

Log Indicators:

  • Application crashes or segmentation faults in coap_dtls_generate_cookie
  • Unexpected service restarts of CoAP/DTLS services

Network Indicators:

  • Multiple DTLS handshake attempts from single source followed by service disruption
  • Unusual DTLS packet patterns to port 5684/udp

SIEM Query:

source="*coap*" AND ("segmentation fault" OR "null pointer" OR "SIGSEGV")
