CVE-2025-54574 is a critical heap-based buffer overflow vulnerability affecting the Squid caching proxy server, specifically versions 6.3 and earlier. Squid is widely used as a web proxy and caching solution to improve web performance and control access. The vulnerability arises from improper buffer management when processing Uniform Resource Names (URNs). An attacker can exploit this flaw by sending specially crafted URN requests to a vulnerable Squid server, triggering a heap buffer overflow. This overflow can lead to remote code execution (RCE) without requiring any authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). The vulnerability impacts the integrity and availability of the affected systems, potentially allowing attackers to execute arbitrary code, disrupt proxy services, or pivot into internal networks. The issue has been resolved in Squid version 6.4 by correcting the buffer management logic. As an interim mitigation, disabling URN access permissions can prevent exploitation. No known exploits have been reported in the wild yet, but the high CVSS score of 9.3 and the nature of the vulnerability make it a significant threat, especially given Squid's deployment in enterprise and ISP environments. The vulnerability's scope is broad because Squid is deployed globally and often exposed to untrusted networks, increasing the risk of exploitation.

For European organizations, this vulnerability poses a substantial risk due to the widespread use of Squid in corporate networks, ISPs, and public institutions for web caching and filtering. Successful exploitation could lead to unauthorized code execution on proxy servers, enabling attackers to intercept, manipulate, or disrupt web traffic. This could compromise sensitive data confidentiality indirectly through man-in-the-middle attacks or facilitate lateral movement within networks. The availability of proxy services could also be impacted, causing denial of service to users relying on Squid for internet access or content delivery. Given the critical nature of the vulnerability and the lack of required authentication, attackers could exploit this remotely, increasing the threat level. Organizations in sectors such as finance, government, telecommunications, and critical infrastructure in Europe could face operational disruptions, data breaches, and reputational damage if their Squid proxies are compromised.

European organizations should immediately assess their Squid deployments to identify versions prior to 6.4. The primary mitigation is to upgrade all Squid instances to version 6.4 or later, where the vulnerability is patched. Until upgrades can be performed, administrators should disable URN access permissions within Squid configurations to prevent exploitation via this attack vector. Network-level protections such as firewall rules can be implemented to restrict access to Squid proxy ports from untrusted or external sources. Additionally, monitoring proxy logs for unusual URN request patterns or anomalous traffic can help detect attempted exploitation. Organizations should also ensure that their incident response and patch management processes are prepared to rapidly deploy updates. Given the potential for remote code execution, isolating Squid servers in segmented network zones with limited privileges can reduce the impact of a successful attack.