vulnerability
Ubuntu: USN-7962-1 (CVE-2025-66570): cpp-httplib vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:N/C:C/I:C/A:N) | Dec 5, 2025 | Jan 19, 2026 | Jan 21, 2026 |
Severity
9
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:N)
Published
Dec 5, 2025
Added
Jan 19, 2026
Modified
Jan 21, 2026
Description
It was discovered that cpp-httplib did not correctly handle HTTP headers.
A remote attacker could possibly use this issue to bypass authorization
and impersonate users.
Solutions
ubuntu-pro-upgrade-libcpp-httplib-devubuntu-pro-upgrade-libcpp-httplib0ubuntu-pro-upgrade-libcpp-httplib0-14t64ubuntu-pro-upgrade-libcpp-httplib0-18
References
- CVE-2025-66570
- https://attackerkb.com/topics/CVE-2025-66570
- CWE-290
- CWE-345
- CWE-807
- UBUNTU-USN-7962-1
- URL-https://github.com/yhirose/cpp-httplib/commit/ac9ebb0ee333ce8bf13523f487bdfad9518a2aff
- URL-https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-xm2j-vfr9-mg9m
- URL-https://ubuntu.com/security/notices/USN-7962-1
- URL-https://www.cve.org/CVERecord?id=CVE-2025-66570
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.