CVE-2025-65497: n/a
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
AI Analysis
Technical Summary
CVE-2025-65497 is a vulnerability identified in the OISM libcoap version 4.3.5, specifically within the coap_dtls_generate_cookie() function located in the src/coap_openssl.c file. The issue arises from a NULL pointer dereference triggered when the function SSL_get_SSL_CTX() returns NULL during a crafted Datagram Transport Layer Security (DTLS) handshake. This condition leads to a denial of service (DoS) by crashing the application or service relying on libcoap for DTLS-secured CoAP communications. The vulnerability stems from improper handling of SSL context pointers, classified under CWE-476 (NULL Pointer Dereference). The attack vector is network-based (AV:N), requiring no privileges (PR:N), but does require user interaction (UI:R) in the form of initiating a handshake. The scope is unchanged (S:U), and the impact is limited to availability (A:L) with no confidentiality or integrity loss. Libcoap is widely used in IoT and constrained environments for CoAP protocol implementations, often securing communications in smart devices and industrial control systems. The absence of patches and known exploits suggests this is a newly disclosed vulnerability, emphasizing the need for proactive monitoring and mitigation. The vulnerability could be exploited remotely by sending a specially crafted DTLS handshake packet to vulnerable devices, causing them to crash and disrupt service availability.
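The missing-check pattern described above, as an added example that is not libcoap's or OpenSSL's code: a self-contained C model of a DTLS cookie callback, unchecked and hardened. The `model_*` types, `toy_mix`, both `cookie_*` functions and the return convention (1 = cookie written, 0 = failure) are assumptions made for illustration; `model_get_ctx()` stands in for `SSL_get_SSL_CTX()`.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-in types (hypothetical): model the pointer chain only, not OpenSSL structs. */
typedef struct { uint8_t secret[32]; } model_app;
typedef struct { model_app *app; } model_ssl_ctx;
typedef struct { model_ssl_ctx *ctx; uint8_t peer[16]; size_t peer_len; } model_ssl;

/* Plays the role of SSL_get_SSL_CTX(): the result may be NULL. */
static model_ssl_ctx *model_get_ctx(const model_ssl *s) { return s ? s->ctx : NULL; }

/* Toy keyed mix (FNV-1a style), NOT a MAC; real code would use an HMAC. */
static void toy_mix(const model_app *a, const model_ssl *s, uint8_t out[8]) {
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < sizeof a->secret; i++) { h ^= a->secret[i]; h *= 1099511628211ULL; }
    for (size_t i = 0; i < s->peer_len; i++) { h ^= s->peer[i]; h *= 1099511628211ULL; }
    for (int i = 0; i < 8; i++) out[i] = (uint8_t)(h >> (8 * i));
}

/* Bug class (CWE-476): trusts the lookup result, so a NULL ctx crashes the process. */
int cookie_unchecked(model_ssl *s, uint8_t *cookie, unsigned int *len) {
    model_ssl_ctx *ctx = model_get_ctx(s);
    toy_mix(ctx->app, s, cookie);          /* NULL dereference when ctx == NULL */
    *len = 8;
    return 1;
}

/* Hardened: every pointer from a lookup is checked; failure rejects the handshake. */
int cookie_checked(model_ssl *s, uint8_t *cookie, unsigned int *len) {
    if (!s || !cookie || !len) return 0;
    model_ssl_ctx *ctx = model_get_ctx(s);
    if (!ctx || !ctx->app) return 0;       /* fail closed instead of dereferencing */
    if (s->peer_len > sizeof s->peer) return 0;
    toy_mix(ctx->app, s, cookie);
    *len = 8;
    return 1;
}

/* Constructed inputs: a session with no context, then a valid one. */
int demo_missing_ctx(void) {
    model_ssl s = { NULL, {192, 0, 2, 1}, 4 };
    uint8_t c[8]; unsigned int n = 0;
    return cookie_checked(&s, c, &n) == 0 && n == 0;
}
int demo_valid_ctx(void) {
    model_app a = { {0x42} }; model_ssl_ctx x = { &a };
    model_ssl s = { &x, {192, 0, 2, 1}, 4 };
    uint8_t c[8]; unsigned int n = 0;
    return cookie_checked(&s, c, &n) == 1 && n == 8;
}
int main(void) { return !(demo_missing_ctx() && demo_valid_ctx()); }
```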
Potential Impact
The primary impact of CVE-2025-65497 is a denial of service condition on devices and applications using libcoap 4.3.5 with OpenSSL for DTLS. For European organizations, particularly those deploying IoT devices, smart city infrastructure, or industrial control systems that rely on CoAP for lightweight communication, this vulnerability could lead to service outages or degraded performance. Disruptions in critical infrastructure such as energy grids, transportation systems, or healthcare IoT devices could have cascading effects on operational continuity and safety. Additionally, repeated exploitation attempts could be used as part of larger denial of service campaigns targeting network segments. While the vulnerability does not compromise confidentiality or integrity, the availability impact could affect business operations and service reliability. The lack of authentication requirements lowers the barrier for attackers, increasing the risk of opportunistic exploitation. Organizations with large-scale deployments of vulnerable libcoap versions may face increased operational risk until mitigations or patches are applied.
Mitigation Recommendations
1. Monitor vendor advisories and apply patches or updates to libcoap as soon as they become available to address CVE-2025-65497.
2. Implement network-level filtering to detect and block malformed or suspicious DTLS handshake packets that could trigger the vulnerability.
3. Employ rate limiting on DTLS handshake attempts to reduce the risk of denial of service through repeated exploitation.
4. Use intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics targeting anomalous CoAP/DTLS traffic patterns.
5. Where possible, isolate vulnerable devices or services in segmented network zones to limit exposure.
6. Consider fallback mechanisms or redundancy in critical systems to maintain availability if a device is impacted.
7. Conduct regular security assessments and penetration testing focused on IoT and constrained device communications to identify similar weaknesses.
8. Educate operational technology and IoT teams about this vulnerability to ensure rapid incident response if exploitation is detected.
Affected Countries
Germany, France, Netherlands, United Kingdom, Italy, Spain, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 692467ebff33e781bff0e36e
Added to database: 11/24/2025, 2:12:59 PM
Last enriched: 12/1/2025, 2:36:46 PM
Last updated: 12/4/2025, 4:29:55 PM