CVE-2025-65501

4.3 MEDIUM

📋 TL;DR

A null pointer dereference vulnerability in libcoap's DTLS handshake processing allows remote attackers to crash applications using the library. This affects systems running libcoap 4.3.5 with DTLS enabled, primarily IoT devices and network services using CoAP protocol.

💻 Affected Systems

Products:
  • libcoap (OISM CoAP library)
Versions: 4.3.5 specifically
Operating Systems: All platforms running libcoap
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when DTLS is enabled and SSL_get_app_data() returns NULL during handshake

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete denial of service causing application crash and service disruption

🟠 Likely Case: Service interruption requiring restart of affected application

🟢 If Mitigated: No impact if DTLS is disabled or proper null checks are implemented

🌐 Internet-Facing: MEDIUM - Exploitable remotely but only causes DoS, not data compromise
🏢 Internal Only: LOW - Requires DTLS handshake and specific conditions

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending a DTLS handshake that triggers the null pointer condition

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.3.6 or later

Vendor Advisory: https://github.com/obgm/libcoap/issues/1748

Restart Required: Yes

Instructions:

1. Update libcoap to version 4.3.6 or later.
2. Recompile applications using libcoap.
3. Restart affected services.

🔧 Temporary Workarounds

Disable DTLS (platform: all)

Disable DTLS functionality if not required.

Configure application to use CoAP without DTLS.

Apply patch manually (platform: linux)

Apply the fix from GitHub pull request #1750:

git apply patch-from-pr1750.diff

🧯 If You Can't Patch

  • Implement network segmentation to isolate CoAP services
  • Use rate limiting on DTLS handshake attempts

🔍 How to Verify

Check if Vulnerable:

Check the installed libcoap version, e.g. dpkg -l | grep libcoap on Debian-based systems, or query the equivalent package manager on other platforms.

Check Version:

pkg-config --modversion libcoap-3

(The pkg-config module name may carry the TLS backend the library was built with as a suffix, e.g. libcoap-3-openssl; use pkg-config --list-all | grep coap to find the exact name.)

Verify Fix Applied:

Verify that the installed version is 4.3.6 or later and that coap_dtls_info_callback includes the null pointer check.
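The version check above is easy to get wrong in automation: compared as strings, "4.3.10" sorts before "4.3.6" and would be reported as vulnerable. The script below is an added example, not code from the advisory or from the libcoap project; it parses the pkg-config output numerically and compares it against the fixed version stated above. The module name libcoap-3 is taken from the advisory, and the subprocess wrapper is an assumption about how a practitioner would invoke pkg-config.

```python
import re
import subprocess

# First version carrying the official fix, as stated in the advisory.
FIXED_VERSION = (4, 3, 6)


def parse_version(text):
    """Turn a version string such as '4.3.10' into a tuple of ints.

    Numeric comparison matters: compared as strings, '4.3.10' < '4.3.6',
    so a patched 4.3.10 install would wrongly be reported as vulnerable.
    """
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.groups())


def is_fixed(version_text):
    """True when the installed libcoap is 4.3.6 or later."""
    return parse_version(version_text) >= FIXED_VERSION


def installed_version(module="libcoap-3"):
    """Ask pkg-config for the installed version.

    Returns None if pkg-config or the module is missing. The module name
    is an assumption: libcoap may name its .pc file after the TLS backend
    it was built with (for example libcoap-3-openssl).
    """
    try:
        out = subprocess.run(["pkg-config", "--modversion", module],
                             capture_output=True, text=True, check=False)
    except FileNotFoundError:
        return None
    return out.stdout.strip() or None


if __name__ == "__main__":
    v = installed_version()
    if v is None:
        print("libcoap not found via pkg-config")
    else:
        state = "fixed" if is_fixed(v) else "VULNERABLE (CVE-2025-65501)"
        print(f"libcoap {v}: {state}")
```

Run it on the host being audited; when pkg-config cannot see the library (static builds, vendored copies), fall back to the package-manager check above and feed that version string to is_fixed().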

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs mentioning libcoap
  • Segmentation fault in coap_dtls_info_callback

Network Indicators:

  • Multiple DTLS handshake attempts followed by service unavailability

SIEM Query:

source="application.logs" AND "segmentation fault" AND "libcoap"
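For environments without a SIEM, the log indicators above can be checked with a small scanner. The following is an added example, not part of the advisory; the log lines are constructed samples in syslog style, not real captures, and the host and process names in them are invented. It flags segmentation faults only when the line also names libcoap or coap_dtls_info_callback, so a crash in an unrelated process is not attributed to this CVE.

```python
import re

# Constructed sample log lines (not real captures). Line 4 is a generic
# SIGSEGV exit with no libcoap context and should not be flagged.
SAMPLE_LOGS = [
    "Jan 10 12:00:01 iot-gw coap-server[1201]: libcoap 4.3.5 started, DTLS enabled",
    "Jan 10 12:00:09 iot-gw kernel: coap-server[1201]: segfault at 0 ip ... in libcoap-3-openssl.so.3",
    "Jan 10 12:00:09 iot-gw coap-server[1201]: Segmentation fault in coap_dtls_info_callback",
    "Jan 10 12:00:10 iot-gw systemd[1]: coap-server.service: Main process exited, code=killed, status=11/SEGV",
]

SEGFAULT = re.compile(r"segmentation fault|segfault", re.I)
LIBCOAP = re.compile(r"libcoap", re.I)
# The function named in the advisory's log indicators.
DTLS_CALLBACK = re.compile(r"coap_dtls_info_callback")


def classify(line):
    """Return the indicator names that fire on one log line."""
    hits = []
    # A segfault counts only with libcoap context, to avoid attributing
    # every crash on the host to this vulnerability.
    if SEGFAULT.search(line) and (LIBCOAP.search(line) or DTLS_CALLBACK.search(line)):
        hits.append("segfault_in_libcoap")
    if DTLS_CALLBACK.search(line):
        hits.append("dtls_callback_crash")
    return hits


def find_crash_indicators(lines):
    """Scan log lines and return (line_number, indicator, line) for every hit."""
    found = []
    for n, line in enumerate(lines, 1):
        for indicator in classify(line):
            found.append((n, indicator, line))
    return found


if __name__ == "__main__":
    for n, indicator, line in find_crash_indicators(SAMPLE_LOGS):
        print(f"line {n}: {indicator}: {line}")
```

Pair the log hits with the network indicator above: a burst of DTLS handshake attempts from one source immediately before a flagged crash is the pattern worth alerting on, while an isolated crash without preceding handshakes is more likely an unrelated fault.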
