CVE-2025-30403

Summary

A heap-buffer-overflow vulnerability is possible in mvfst via a specially crafted message during a QUIC session. This issue affects mvfst versions prior to v2025.07.07.00.

Affected Software

VendorProductVersion RangeStatus
Facebookmvfstv2025.03.24.00 < v2025.07.07.00affected

Weaknesses

  • Heap-based Buffer Overflow (CWE-122)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References