Critical Squid Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been discovered in Squid Web Proxy Cache that enables attackers to execute remote code through a heap buffer overflow in URN (Uniform Resource Name) handling. 

The vulnerability, tracked as CVE-2025-54574, affects all Squid versions prior to 6.4 and has been assigned a critical severity rating with significant potential for system compromise.

Key Takeaways
1. Squid proxy has a buffer overflow flaw (CVE-2025-54574), enabling remote code execution and memory theft.
2. All Squid versions before 6.4 are vulnerable.
3. Update or disable URN access with the http_access deny URN configuration.

Technical Analysis of Squid RCE Flaw

The vulnerability stems from incorrect buffer management in Squid’s URN processing mechanism, creating a heap buffer overflow condition that can be exploited remotely. 

When processing URN Trivial-HTTP responses, the flaw allows malicious remote servers to perform buffer overflow attacks, potentially delivering up to 4KB of Squid’s allocated heap memory to attackers. 

This memory exposure presents severe security implications, as it may contain sensitive credentials, authentication tokens, or other confidential data stored in the proxy’s memory space.

The technical impact extends beyond simple memory disclosure. The buffer overflow condition also creates opportunities for remote code execution, potentially enabling attackers to gain control over affected Squid proxy servers. 

The vulnerability affects a broad range of Squid versions, including all Squid-4.x releases up to 4.17, all Squid-5.x versions through 5.9, and Squid-6.x releases up to 6.3. 

Legacy versions prior to Squid 4.14 remain untested but are presumed vulnerable, significantly expanding the potential attack surface.

Risk Factors           Details
Affected Products      Squid Web Proxy Cache versions < 6.4:
                       - All Squid 4.x (up to 4.17)
                       - All Squid 5.x (up to 5.9)
                       - All Squid 6.x (up to 6.3)
                       - Legacy versions < 4.14 (presumed vulnerable)
Impact                 Remote code execution
Exploit Prerequisites  - Network access to Squid proxy
                       - Ability to send URN requests
                       - No authentication required
                       - No user interaction needed
CVSS 3.1 Score         9.3 (Critical)

Mitigation Strategies 

Organizations can implement immediate protective measures while planning for system updates. The primary workaround is to disable URN access through an Access Control List (ACL) in the Squid configuration: define the ACL with acl URN proto URN, then deny it with http_access deny URN.

This configuration effectively blocks URN protocol requests, preventing exploitation of the vulnerable code path.
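The following script is an added example, not code from the article or from the Squid project. It turns the two mitigation points above into checks an administrator can run: whether an installed version falls in the affected range (everything older than 6.4, as stated above) and whether a squid.conf actually applies the URN workaround. Squid evaluates http_access rules in order and the first match wins, so the deny URN rule only protects if it appears before any http_access allow rule that a URN request could match; the second check enforces that ordering. The two squid.conf fragments are constructed samples; the config path /etc/squid/squid.conf and the "Squid Cache: Version X.Y" output format of squid -v are assumptions.

```shell
#!/bin/sh
# Added example (not from the article or the Squid project): checks related to
# CVE-2025-54574. Version boundaries and the ACL lines come from the article;
# the squid.conf path and the "squid -v" output format are assumptions.

# Exit 0 when a "major.minor[.patch]" version is in the affected range, i.e.
# anything older than 6.4. Exit 1 when patched, exit 2 on an unparseable string.
squid_version_vulnerable() {
    major=$(printf '%s\n' "$1" | cut -d. -f1)
    minor=$(printf '%s\n' "$1" | cut -s -d. -f2)
    [ -n "$minor" ] || minor=0                 # "6" is treated as 6.0
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in *[!0-9]*) return 2 ;; esac
    [ "$major" -lt 6 ] && return 0
    [ "$major" -eq 6 ] && [ "$minor" -lt 4 ] && return 0
    return 1
}

# Exit 0 when the config file ($1) defines the URN proto ACL and denies it
# before the first http_access allow rule; Squid applies the first matching
# http_access rule, so a deny placed after an allow may never be reached.
squid_conf_denies_urn() {
    conf="$1"
    grep -Eq '^[[:space:]]*acl[[:space:]]+URN[[:space:]]+proto[[:space:]]+URN([[:space:]]|$)' "$conf" 2>/dev/null || return 1
    deny_line=$(grep -En '^[[:space:]]*http_access[[:space:]]+deny[[:space:]]+URN([[:space:]]|$)' "$conf" | head -n 1 | cut -d: -f1)
    allow_line=$(grep -En '^[[:space:]]*http_access[[:space:]]+allow([[:space:]]|$)' "$conf" | head -n 1 | cut -d: -f1)
    [ -n "$deny_line" ] || return 1
    [ -z "$allow_line" ] && return 0
    [ "$deny_line" -lt "$allow_line" ]
}

# Constructed squid.conf fragments: the hardened one places the URN deny ahead
# of the allow rules; the weak one lists it after an allow that already matched.
HARDENED_CONF=$(mktemp); WEAK_CONF=$(mktemp)
trap 'rm -f "$HARDENED_CONF" "$WEAK_CONF"' EXIT
cat > "$HARDENED_CONF" <<'EOF'
acl localnet src 10.0.0.0/8
acl URN proto URN
http_access deny URN
http_access allow localnet
http_access deny all
EOF
cat > "$WEAK_CONF" <<'EOF'
acl localnet src 10.0.0.0/8
acl URN proto URN
http_access allow localnet
http_access deny URN
http_access deny all
EOF

# $1 = label, $2 = version string, $3 = config path
report() {
    squid_version_vulnerable "$2" && rc=0 || rc=$?
    case "$rc" in
        2) echo "$1: could not parse Squid version '$2'" ;;
        1) echo "$1: version $2 is not in the affected range" ;;
        0) if squid_conf_denies_urn "$3"; then
               echo "$1: version $2 is affected, URN workaround is in place"
           else
               echo "$1: version $2 is affected and URN is NOT denied early enough; upgrade to 6.4"
           fi ;;
    esac
}

report "hardened sample" "6.3" "$HARDENED_CONF"
report "weak sample"     "6.3" "$WEAK_CONF"
report "patched sample"  "6.4" "$WEAK_CONF"

# On a real host: version from "squid -v" (assumed output format) and the
# distribution's config path (assumed to be /etc/squid/squid.conf).
if command -v squid >/dev/null 2>&1; then
    report "local squid" "$(squid -v | sed -n 's/^Squid Cache: Version \([0-9.]*\).*/\1/p')" /etc/squid/squid.conf
fi
```

Run it as a plain POSIX sh script; the three sample reports always print, and the final local check runs only where a squid binary is on the PATH. Note that the ordering check is deliberately conservative: any http_access allow ahead of the deny is flagged, even one whose source ACL would not match every client, because the safe configuration is simply to put the URN deny first.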

The Squid development team has released version 6.4 as the patched release, with the specific fix documented in commit a27bf4b84da23594150c7a86a23435df0b35b988. 

The vulnerability was discovered by StarryNight, and the Measurement Factory developed and implemented the fix. 

System administrators should prioritize updating to Squid 6.4 or applying vendor-specific patches for their distribution to eliminate this critical security exposure.
