CVE-2025-54574: CWE-122: Heap-based Buffer Overflow in squid-cache squid
Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions.
AI Analysis
Technical Summary
CVE-2025-54574 is a heap-based buffer overflow vulnerability identified in the Squid caching proxy server, specifically affecting versions 6.3 and earlier. Squid is widely used to improve web performance and enforce access policies by caching web content. The vulnerability stems from incorrect buffer management during the processing of Uniform Resource Names (URNs), which can lead to memory corruption on the heap. This memory corruption can be exploited remotely by an unauthenticated attacker to execute arbitrary code on the affected system, potentially leading to full system compromise. The vulnerability does not require any user interaction and can be triggered over the network, making it highly exploitable. The vulnerability impacts the integrity and availability of the system, as attackers can manipulate proxy behavior or cause denial of service. The issue has been addressed in Squid version 6.4, which includes proper buffer handling to prevent overflow. Until patching is possible, disabling URN access permissions serves as a mitigation to reduce attack surface. No public exploits or active attacks have been reported yet, but the critical CVSS score of 9.3 reflects the high risk posed by this vulnerability.
Potential Impact
For European organizations, this vulnerability poses a significant risk to network infrastructure relying on Squid proxies for caching, filtering, or access control. Successful exploitation can lead to remote code execution, allowing attackers to gain control over proxy servers, intercept or manipulate web traffic, and potentially pivot to internal networks. This threatens confidentiality by exposing sensitive data, integrity by altering cached content or access policies, and availability by causing service disruptions or proxy crashes. Organizations in sectors such as finance, government, healthcare, and telecommunications, which often deploy Squid for traffic management, face heightened risks. The critical severity and network-based exploitability mean that attackers can compromise systems without credentials or user interaction, increasing the likelihood of rapid spread and impact. Additionally, the vulnerability could be leveraged in targeted attacks or widespread campaigns, especially if weaponized exploits emerge. The lack of known exploits currently provides a window for proactive defense, but the urgency remains high.
Mitigation Recommendations
European organizations should immediately upgrade all Squid proxy servers to version 6.4 or later to fully remediate the vulnerability. Where immediate patching is not feasible, administrators should disable URN access permissions as a temporary workaround to mitigate exploitation risk. Network segmentation should be enforced to limit access to proxy servers from untrusted networks. Implement strict ingress filtering and monitor network traffic for unusual URN requests or anomalies indicative of exploitation attempts. Employ host-based intrusion detection systems (HIDS) and endpoint protection solutions to detect potential memory corruption or code execution attempts. Regularly audit proxy configurations and logs to identify suspicious activity. Additionally, organizations should maintain an up-to-date inventory of Squid deployments and ensure timely application of security updates. Security teams should prepare incident response plans specific to proxy compromise scenarios and conduct threat hunting exercises focused on this vulnerability. Collaboration with ISPs and CERTs in Europe can aid in early detection of emerging exploit campaigns.
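As an added example, not code from the advisory or from the Squid project, the Python helpers below support two of the recommendations above: checking that a squid.conf applies the "disable URN access" workaround before any allow rule, and pulling URN requests out of Squid native-format access.log lines so unexpected URN traffic reaching an unpatched proxy can be monitored. The ACL form `acl URN proto URN` / `http_access deny URN`, the config fragments and the log lines are constructed assumptions, not values from the page.

```python
import re
from typing import List, Tuple

# Constructed squid.conf fragments (not from the advisory): the first applies the
# workaround as a 'proto URN' ACL denied before any allow; the second never denies URN.
HARDENED_CONF = """\
acl URN proto URN
http_access deny URN
acl localnet src 10.0.0.0/8
http_access allow localnet
"""
WEAK_CONF = """\
acl localnet src 10.0.0.0/8
http_access allow localnet
"""
# Constructed Squid native-format access.log lines (sample data, not real traffic).
SAMPLE_LOG = [
    "1722520664.123 45 10.0.0.5 TCP_MISS/200 1234 GET http://example.com/ - HIER_DIRECT/203.0.113.9 text/html",
    "1722520665.456 12 10.0.0.7 TCP_DENIED/403 310 GET urn:isbn:0451450523 - HIER_NONE/- text/html",
]


def squid_conf_denies_urn(conf: str) -> bool:
    """True if an 'http_access deny <acl>' using a 'proto URN' ACL appears before the
    first 'http_access allow' (Squid evaluates http_access rules in order)."""
    urn_acls = set()
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        parts = line.split()
        if parts[0] == "acl" and len(parts) >= 4 and parts[2] == "proto":
            if any(p.upper() == "URN" for p in parts[3:]):
                urn_acls.add(parts[1])
        elif parts[0] == "http_access" and len(parts) >= 3:
            if parts[1] == "deny" and parts[2] in urn_acls:
                return True
            if parts[1] == "allow":
                return False  # conservative: an earlier allow may pass URN requests
    return False


def find_urn_requests(log_lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (client_ip, method, url) for native-format access.log entries whose URL
    uses the urn: scheme; fields: time elapsed client code/status bytes method url ..."""
    hits: List[Tuple[str, str, str]] = []
    for line in log_lines:
        f = line.split()
        if len(f) >= 7 and re.match(r"urn:", f[6], re.IGNORECASE):
            hits.append((f[2], f[5], f[6]))
    return hits
```

Run the config check against each proxy's live squid.conf and the log scan over access.log on pre-6.4 hosts; any hit from an unexpected client is worth investigating.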
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Belgium, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-07-25T16:19:16.091Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 688d04c8ad5a09ad00cb1879
Added to database: 8/1/2025, 6:17:44 PM
Last enriched: 11/10/2025, 9:16:12 PM
Last updated: 12/15/2025, 10:38:00 PM