
CVE-2025-59345: CWE-306: Missing Authentication for Critical Function in dragonflyoss dragonfly

Low
Tags: Vulnerability, CVE-2025-59345, CWE-306
Published: Wed Sep 17 2025 (09/17/2025, 19:05:53 UTC)
Source: CVE Database V5
Vendor/Project: dragonflyoss
Product: dragonfly

Description

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the /api/v1/jobs and /preheats endpoints in the Manager web UI are accessible without authentication. Any user with network access to the Manager can create, delete, and modify jobs, and create preheat jobs. An unauthenticated adversary with network access to a Manager web UI can use the /api/v1/jobs endpoint to create hundreds of useless jobs; the Manager then enters a denial-of-service state and stops accepting requests from valid administrators. This vulnerability is fixed in 2.1.0.

AI-Powered Analysis

Last updated: 09/17/2025, 19:37:37 UTC

Technical Analysis

CVE-2025-59345 is a vulnerability in the Dragonfly open source project affecting versions prior to 2.1.0. Dragonfly is a peer-to-peer (P2P) file distribution and image acceleration system commonly used to optimize delivery of large files and container images. The vulnerability arises from missing authentication controls on two critical Manager web UI endpoints, /api/v1/jobs and /preheats, which handle job creation, deletion, and modification as well as preheat job creation. Because these endpoints are reachable without any authentication, any user with network access to the Manager interface can perform these actions without restriction.

An attacker can exploit this by creating a large number of useless jobs via the /api/v1/jobs endpoint, overwhelming the Manager and causing a denial-of-service (DoS) condition that prevents legitimate administrators from managing jobs or accessing the Manager effectively. The vulnerability is classified under CWE-306 (Missing Authentication for Critical Function), indicating a failure to enforce authentication on sensitive operations. The CVSS 4.0 base score is 2.7 (low severity): the attack requires network access but no privileges or user interaction, and the impact is limited to availability degradation without direct confidentiality or integrity compromise.

The flaw was fixed in Dragonfly version 2.1.0 by introducing proper authentication controls on these endpoints. There are no known exploits in the wild as of the published date, and no patch links were provided in the source information. The vulnerability primarily affects environments where the Dragonfly Manager is exposed to untrusted networks or insufficiently segmented internal networks, allowing unauthenticated users to reach the vulnerable endpoints.

Potential Impact

For European organizations using Dragonfly versions prior to 2.1.0, this vulnerability poses a risk of service disruption due to denial-of-service attacks against the Manager component. The impact is availability degradation, which could interrupt file distribution and image acceleration workflows critical for DevOps pipelines, continuous integration/continuous deployment (CI/CD), and containerized application delivery. While confidentiality and integrity are not directly affected, the inability to manage jobs can delay operations and increase operational costs. Organizations with Dragonfly Manager interfaces exposed to broader internal networks or insufficiently protected network segments are at higher risk. This could affect cloud service providers, software development firms, and enterprises relying on Dragonfly for efficient content distribution. The low CVSS score suggests limited risk if proper network segmentation and access controls are in place. However, in environments where Dragonfly Manager is accessible to many users or exposed externally, the risk of disruption is more significant. Given the increasing adoption of container technologies and image acceleration in Europe, the vulnerability could impact critical infrastructure and services if not remediated.

Mitigation Recommendations

1. Upgrade Dragonfly to version 2.1.0 or later, where authentication is enforced on the Manager web UI endpoints. This is the definitive fix.
2. Restrict network access to the Dragonfly Manager interface using firewall rules, VPNs, or zero-trust network segmentation so that only trusted administrators and systems can reach it.
3. Implement network-level authentication and access controls, such as IP allowlisting or mutual TLS, to reduce exposure of the Manager endpoints.
4. Monitor network traffic and logs for unusual activity targeting the /api/v1/jobs and /preheats endpoints, such as a sudden surge in job creation requests, which may indicate exploitation attempts.
5. If upgrading immediately is not feasible, deploy a reverse proxy or web application firewall (WAF) in front of the Manager UI to enforce authentication or block unauthenticated requests to the sensitive endpoints.
6. Educate administrators and DevOps teams about this vulnerability and ensure that operational procedures include verification of the Dragonfly version and access controls.
7. Regularly audit and review the network exposure of internal management interfaces to prevent similar issues.
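To make recommendation 4 concrete, the following added example (not part of the advisory and not Dragonfly project code) scans combined-format access log lines from a reverse proxy placed in front of the Manager and flags any source that issues an abnormal burst of state-changing requests to /api/v1/jobs or /preheats. The log lines, the 60-second window and the threshold of 20 requests are constructed assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Endpoints the advisory names as reachable without authentication before 2.1.0.
SENSITIVE = ("/api/v1/jobs", "/preheats")
MUTATING = {"POST", "PUT", "PATCH", "DELETE"}
# Combined-log-format line as written by a reverse proxy (nginx/Apache) in front of the Manager.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3}')

def parse_line(line):
    """Return (ip, timestamp, method, path-without-query) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0]

def sensitive_endpoint(path):
    """Map a request path onto the sensitive endpoint it belongs to, or None."""
    return next((p for p in SENSITIVE if path == p or path.startswith(p + "/")), None)

def find_job_surges(lines, window=timedelta(seconds=60), threshold=20):
    """Return {(ip, endpoint): peak} for sources whose mutating requests exceed `threshold` in any `window`."""
    stamps = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                      # skip unparseable lines rather than crash
        ip, ts, method, path = rec
        ep = sensitive_endpoint(path)
        if ep and method in MUTATING:
            stamps[(ip, ep)].append(ts)
    alerts = {}
    for key, times in stamps.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):   # two-pointer sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            alerts[key] = peak
    return alerts
# Constructed sample log: 10.0.0.5 floods job creation; 10.0.0.2 behaves like a normal admin.
def _line(ip, sec, method, path):
    ts = (datetime(2025, 9, 17, 19, 0) + timedelta(seconds=sec)).strftime("%d/%b/%Y:%H:%M:%S")
    return f'{ip} - - [{ts} +0000] "{method} {path} HTTP/1.1" 200 12 "-" "curl/8.0"'
SAMPLE_LOG = ([_line("10.0.0.5", s, "POST", "/api/v1/jobs") for s in range(30)]
              + [_line("10.0.0.2", s * 10, "GET", "/api/v1/jobs?page=1") for s in range(6)]
              + [_line("10.0.0.2", 50, "POST", "/preheats"), "not a log line"])
```

Running `find_job_surges(SAMPLE_LOG)` reports only the flooding host; read-only GETs and the single preheat request from the admin stay below the threshold.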


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2025-09-12T12:36:24.636Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68cb0df12a0094034ff87a55

Added to database: 9/17/2025, 7:37:21 PM

Last enriched: 9/17/2025, 7:37:37 PM

Last updated: 9/17/2025, 8:18:09 PM
