
CVE-2025-65495: n/a

Severity: High
Published: Mon Nov 24 2025 (11/24/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

CVE-2025-65495 is a high-severity vulnerability in the OISM libcoap 4.3.5 library, caused by an integer signedness error in the tls_verify_call_back() function. The flaw allows remote attackers to trigger a denial of service by sending a specially crafted TLS certificate that causes i2d_X509() to return -1, a value that is then used unchecked as the size argument to malloc(). Exploitation requires no authentication or user interaction and can be performed remotely over the network. The vulnerability affects the availability of applications using the affected libcoap version and can cause crashes or service interruptions. No exploits are currently reported in the wild, and no patches have been published yet. European organizations relying on libcoap 4.3.5 in IoT, constrained devices, or CoAP-based communication systems are at risk.

AI-Powered Analysis

Last updated: 12/01/2025, 14:42:28 UTC

Technical Analysis

CVE-2025-65495 identifies a vulnerability in the OISM libcoap version 4.3.5, specifically within the tls_verify_call_back() function located in src/coap_openssl.c. The root cause is an integer signedness error related to the handling of the return value from the i2d_X509() function, which converts an X.509 certificate to DER format. When i2d_X509() returns -1 due to a crafted TLS certificate, this negative value is mistakenly used as a size parameter for malloc(), leading to undefined behavior such as memory allocation failures or buffer overflows. This misuse can cause the affected application to crash or become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability can be exploited remotely without requiring authentication or user interaction, as it is triggered during TLS certificate verification. The CVSS v3.1 score of 7.5 reflects a high severity, emphasizing the ease of remote exploitation and the significant impact on availability. The vulnerability is categorized under CWE-195 (Signed to Unsigned Conversion Error), highlighting the improper handling of signed integer values. No patches or fixes have been released at the time of publication, and no active exploits have been reported. The affected component, libcoap, is widely used in constrained environments and IoT devices that implement the CoAP protocol, which is designed for resource-constrained networks and devices. This makes the vulnerability particularly relevant for embedded systems and IoT deployments that rely on secure communication via TLS.
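The signed-to-unsigned conversion the analysis describes, as an added C example that is not libcoap's or OpenSSL's own code: fake_i2d_x509() is a constructed stand-in for i2d_X509() that returns a negative value on failure, vulnerable_alloc_size() shows the unchecked cast that turns -1 into a huge size_t, and safe_der_copy() shows the sign check a fixed verify callback needs before calling malloc().

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for OpenSSL's i2d_X509(): returns the DER length on
 * success and a negative value on failure. Failure is modelled by a NULL
 * input so the example runs without OpenSSL. Like the real function, it
 * writes the bytes and advances *out when out is non-NULL. */
static int fake_i2d_x509(const char *cert, unsigned char **out)
{
    if (cert == NULL)
        return -1;                        /* mirrors i2d_X509()'s error path */
    int len = (int)strlen(cert);
    if (out != NULL) {
        memcpy(*out, cert, (size_t)len);
        *out += len;
    }
    return len;
}

/* Vulnerable shape (CWE-195): the signed return value is converted to
 * size_t without a sign check, so -1 becomes SIZE_MAX before malloc(). */
size_t vulnerable_alloc_size(const char *cert)
{
    int len = fake_i2d_x509(cert, NULL);
    return (size_t)len;                   /* -1 -> SIZE_MAX, a bogus size */
}

/* Hardened form: reject non-positive lengths before allocating, and
 * confirm the second encoding pass wrote exactly the promised length. */
int safe_der_copy(const char *cert, unsigned char **der_out, size_t *der_len)
{
    int len = fake_i2d_x509(cert, NULL);
    if (len <= 0)
        return -1;                        /* encoding failed: allocate nothing */
    unsigned char *buf = malloc((size_t)len);
    if (buf == NULL)
        return -1;
    unsigned char *p = buf;
    if (fake_i2d_x509(cert, &p) != len) {
        free(buf);
        return -1;
    }
    *der_out = buf;
    *der_len = (size_t)len;
    return 0;
}
```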

Potential Impact

The primary impact of CVE-2025-65495 is a denial of service condition caused by application crashes or service interruptions when processing malicious TLS certificates. For European organizations, especially those deploying IoT devices, smart city infrastructure, industrial control systems, or other constrained network environments using libcoap 4.3.5, this vulnerability poses a risk to operational continuity and availability. Disruptions could affect critical services such as energy management, transportation systems, healthcare devices, and building automation. The remote and unauthenticated nature of the exploit increases the risk of widespread attacks, potentially leading to network segmentation issues or cascading failures in interconnected systems. While confidentiality and integrity are not directly impacted, the loss of availability can have significant operational and financial consequences. The absence of known exploits in the wild offers a window for proactive mitigation, but the lack of patches necessitates immediate defensive measures. Organizations relying on CoAP-based communication should assess their exposure and prepare for incident response scenarios involving unexpected service outages.

Mitigation Recommendations

1. Monitor official libcoap repositories and security advisories closely for patches or updates addressing CVE-2025-65495 and apply them promptly once available.
2. Implement network-level filtering to detect and block malformed or suspicious TLS certificates that could exploit the vulnerability, using intrusion detection/prevention systems (IDS/IPS) with updated signatures.
3. Employ strict certificate validation policies and consider additional certificate sanity checks before passing certificates to vulnerable libcoap components.
4. Where feasible, isolate or segment IoT and constrained device networks to limit exposure to untrusted sources that might attempt exploitation.
5. Conduct a thorough inventory and risk assessment to identify all systems using libcoap 4.3.5 and evaluate their exposure.
6. Develop and test incident response plans to recover quickly from potential denial of service incidents caused by this vulnerability.
7. Consider temporary mitigations such as disabling TLS certificate verification in controlled environments if acceptable, until patches are available.
8. Engage with vendors and device manufacturers to confirm their mitigation plans and timelines for addressing this vulnerability in embedded products.


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-11-18T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 692467ebff33e781bff0e366

Added to database: 11/24/2025, 2:12:59 PM

Last enriched: 12/1/2025, 2:42:28 PM

Last updated: 12/4/2025, 6:24:02 AM
