CVE-2025-46807 is a high-severity vulnerability classified under CWE-770 (Allocation of Resources Without Limits or Throttling) affecting the sslh software prior to version 2.2.4. sslh is a protocol multiplexer that allows multiple protocols (such as HTTPS, SSH, OpenVPN) to share a single port, commonly used to simplify firewall configurations and service management. The vulnerability arises because sslh does not impose limits or throttling on resource allocation, specifically file descriptors, which are finite system resources representing open files or network sockets. An attacker can exploit this by initiating numerous connections or requests to sslh, causing it to exhaust its available file descriptors. Once exhausted, sslh cannot accept new legitimate connections, resulting in a denial of service (DoS) condition for users relying on the service. The CVSS 4.0 base score of 8.7 reflects the vulnerability's network attack vector (AV:N), low attack complexity (AC:L), no privileges or user interaction required (PR:N/UI:N), and a high impact on availability (VA:H), with no impact on confidentiality or integrity. No known exploits are currently reported in the wild, but the ease of exploitation and the critical nature of the impact make this a significant threat. The vulnerability affects all versions of sslh before 2.2.4, and the issue was publicly disclosed on June 2, 2025. Since sslh is often deployed in environments where multiple protocols are multiplexed over a single port, this vulnerability can disrupt critical network services and communications if exploited.

For European organizations, the impact of CVE-2025-46807 can be substantial, especially for those relying on sslh to manage multiple protocol traffic through a single port. The exhaustion of file descriptors can lead to denial of service, disrupting access to essential services such as SSH for remote administration, HTTPS for web services, or VPN connections for secure remote access. This disruption can affect business continuity, remote work capabilities, and secure communications. Critical infrastructure providers, financial institutions, and government agencies in Europe that utilize sslh for service multiplexing may face operational outages, potentially leading to financial losses, reputational damage, and compliance issues under regulations such as GDPR. Additionally, the lack of authentication or user interaction required for exploitation means attackers can launch attacks remotely and anonymously, increasing the risk of widespread service disruption. While no data breach or integrity compromise is indicated, the availability impact alone can have cascading effects on dependent systems and services.

To mitigate this vulnerability, European organizations should immediately upgrade sslh to version 2.2.4 or later, where the resource allocation limits and throttling mechanisms have been implemented. In addition to patching, organizations should implement network-level protections such as rate limiting and connection throttling on firewalls or load balancers to restrict the number of simultaneous connections to sslh. Monitoring system metrics related to file descriptor usage and connection counts can provide early warning signs of potential exhaustion attacks. Employing intrusion detection systems (IDS) or anomaly detection tools to identify unusual spikes in connection attempts can help in proactive defense. Furthermore, organizations should review and harden system limits on file descriptors (ulimit settings) to ensure that sslh operates within safe resource boundaries. Where feasible, segmenting services and reducing reliance on multiplexing critical protocols through a single port can reduce the attack surface. Finally, maintaining an incident response plan that includes DoS attack scenarios will improve readiness to respond to exploitation attempts.