
A critical vulnerability has been discovered in the Squid Web Proxy server, which could allow remote attackers to execute arbitrary code on affected systems. This vulnerability affects multiple versions and may impact many systems relying on Squid for caching and proxy functionality.
Vulnerability Details
- CVE-ID: CVE-2025-54574
- CVSS Score: 9.3 (Critical)
- EPSS Score: 0.93%
- Vulnerability Type: Heap buffer overflow in URN request handling
- Affected Versions: Squid 6.3 and earlier
Infection Method
- Attacker identifies a vulnerable Squid server: The attacker scans the internet or internal networks to find Squid HTTP proxy servers running version 6.3 or earlier.
- Target is confirmed as accessible: The attacker confirms that the proxy server accepts incoming client requests (i.e., is publicly or internally reachable).
- Crafting a malicious URN request: A specially crafted URN (Uniform Resource Name) request is created. This request is designed to trigger the buffer management flaw in Squid's URN handling logic.
- Sending the malicious request: The attacker sends the malicious URN request to the Squid proxy.
- A heap buffer overflow is triggered: Squid processes the malformed URN without proper bounds checking. Due to incorrect buffer management, a heap buffer overflow occurs in memory.
- Execution of arbitrary code: The attacker's payload delivered via the overflow may overwrite function pointers or control data in memory, allowing remote code execution (RCE) on the proxy server.
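Because every step of the chain above passes through a URN request, the simplest detection signal on a defender's side is the presence of urn: URLs in Squid's access log. The following script is an added example (not part of this advisory or of the Squid project) that scans lines in Squid's default "squid" logformat, reports every URN request, and notes whether the proxy already denied it. The log lines are constructed for illustration and are not real traffic.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample lines in Squid's default "squid" logformat
# (timestamp elapsed client result/status bytes method URL user hier/peer type).
SAMPLE_ACCESS_LOG = """\
1753900000.101     12 10.0.0.5 TCP_MISS/200 2048 GET http://example.com/index.html - HIER_DIRECT/93.184.216.34 text/html
1753900000.205     45 10.0.0.7 TCP_MISS/200 1024 GET urn:isbn:0-395-36341-1 - HIER_DIRECT/203.0.113.10 text/html
1753900000.310      3 10.0.0.9 TCP_DENIED/403 3120 GET urn:nbn:de:gbv:089-3321752945 - HIER_NONE/- text/html
1753900000.412     20 10.0.0.5 TCP_HIT/200 512 CONNECT example.org:443 - HIER_NONE/- -
"""

# Matches the leading fields of a native Squid access.log line.
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)"
)


@dataclass
class UrnRequest:
    timestamp: float
    client: str
    status: int
    url: str
    denied: bool  # True when Squid's result code shows the request was blocked


def find_urn_requests(log_text: str) -> List[UrnRequest]:
    """Return every request whose URL uses the urn: scheme."""
    findings: List[UrnRequest] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        url = m.group("url")
        if not url.lower().startswith("urn:"):
            continue
        findings.append(
            UrnRequest(
                timestamp=float(m.group("ts")),
                client=m.group("client"),
                status=int(m.group("status")),
                url=url,
                # TCP_DENIED is Squid's result code for http_access denials.
                denied=m.group("result").startswith("TCP_DENIED"),
            )
        )
    return findings


def urn_requests_per_client(log_text: str) -> Dict[str, int]:
    """Count URN requests by client address; repeated hits from one source stand out."""
    counts: Dict[str, int] = {}
    for req in find_urn_requests(log_text):
        counts[req.client] = counts.get(req.client, 0) + 1
    return counts


if __name__ == "__main__":
    for req in find_urn_requests(SAMPLE_ACCESS_LOG):
        state = "denied" if req.denied else "ALLOWED"
        print(f"{req.timestamp:.3f} {req.client} {state} {req.status} {req.url}")
    print(urn_requests_per_client(SAMPLE_ACCESS_LOG))
```

A URN request that was not denied on a proxy still running 6.3 or earlier is the case worth escalating; once the ACL workaround or the 6.4 upgrade is in place, every such request should show up as TCP_DENIED.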
Impact
Successful exploitation of this vulnerability can lead to remote code execution on affected Squid proxy servers without authentication or user interaction. Additionally, it may allow attackers to exfiltrate up to 4KB of heap memory, potentially exposing sensitive information such as security credentials or other confidential data stored in memory.
Mitigation & Recommendations
Organizations are strongly advised to upgrade to Squid version 6.4, which fully fixes this vulnerability. If upgrading is not immediately possible, a temporary workaround is to disable URN access through configuration: add ACL rules to squid.conf that deny requests using the URN protocol, which prevents exploitation until the update is deployed.
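The following squid.conf fragment is an added example of that workaround, not configuration text taken from this advisory or from the Squid project; it uses Squid's existing proto ACL type, and the ACL name URN is an arbitrary choice.

```conf
# Added example: deny all URN requests until Squid 6.4 is installed.
# Match any request whose URL scheme is URN (proto is a built-in ACL type).
acl URN proto URN

# http_access rules are evaluated first-match, so this deny line must
# appear above any http_access allow rules that could otherwise admit
# the request (for example "http_access allow localnet").
http_access deny URN
```

After editing, validate the file with squid -k parse and apply it with squid -k reconfigure; denied URN requests will then be logged with the TCP_DENIED result code, which also gives you a quick way to confirm the rule is active.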
Instantly Fix Risks with Saner Patch Management
Saner patch management is a continuous, automated, and integrated software solution that instantly fixes risks exploited in the wild. The software supports major operating systems such as Windows, Linux, and macOS, as well as 550+ third-party applications.
It also lets you set up a safe testing area to validate patches before deploying them to the primary production environment. Saner patch management additionally supports patch rollback in case of a patch failure or system malfunction.
Experience the fastest and most accurate patching software here.