CVE-2025-65499 is a vulnerability identified in the OISM libcoap version 4.3.5, a widely used open-source implementation of the Constrained Application Protocol (CoAP) often deployed in IoT and constrained network environments. The flaw exists in the tls_verify_call_back() function located in src/coap_openssl.c, where an array index error occurs during the processing of DTLS handshakes. Specifically, a crafted DTLS handshake can cause the OpenSSL function SSL_get_ex_data_X509_STORE_CTX_idx() to return -1, an invalid index, which is not properly handled by libcoap. This improper handling leads to an out-of-bounds array access or similar memory corruption, resulting in a denial of service (DoS) condition by crashing the application or causing it to become unresponsive. The vulnerability can be triggered remotely by an attacker sending maliciously crafted DTLS handshake packets, requiring no authentication or user interaction, making exploitation relatively straightforward in affected environments. Although no public exploits are currently known, the vulnerability's nature and the critical role of libcoap in constrained networks make it a significant concern. The absence of a CVSS score indicates that the vulnerability is newly published and pending further analysis or patching. The vulnerability primarily affects systems using libcoap 4.3.5 or earlier versions that have not incorporated fixes. Since libcoap is commonly used in IoT devices, embedded systems, and constrained environments, the impact could extend to critical infrastructure relying on these technologies.

The primary impact of CVE-2025-65499 is a denial of service condition that can disrupt the availability of systems using the vulnerable libcoap library. For European organizations, this could translate into outages or degraded performance in IoT deployments, industrial control systems, smart city infrastructure, and other constrained network environments relying on CoAP over DTLS. Disruption of these services can affect operational continuity, safety systems, and data collection processes. Given the remote exploitability without authentication, attackers could launch DoS attacks from outside the network, potentially causing widespread service interruptions. The impact on confidentiality and integrity is minimal as the vulnerability does not allow code execution or data manipulation directly. However, the availability impact can be significant, especially in critical sectors such as energy, manufacturing, transportation, and healthcare where IoT and constrained protocols are increasingly deployed. The lack of known exploits suggests limited immediate risk, but the potential for future exploitation remains. European organizations with extensive IoT ecosystems or those integrating libcoap-based devices into their infrastructure should prioritize addressing this vulnerability to avoid operational disruptions.

1. Monitor vendor and open-source project channels for official patches or updates to libcoap addressing CVE-2025-65499 and apply them promptly. 2. Until patches are available, implement network-level filtering to detect and block malformed or suspicious DTLS handshake packets that could trigger the vulnerability. 3. Employ anomaly detection systems to monitor DTLS handshake patterns and alert on unusual or repeated handshake failures indicative of exploitation attempts. 4. Segment networks to isolate IoT and constrained devices using libcoap from critical infrastructure and limit exposure to untrusted networks. 5. Conduct inventory and asset management to identify all devices and systems using libcoap 4.3.5 or earlier versions to prioritize remediation efforts. 6. Collaborate with device manufacturers and vendors to ensure firmware updates incorporate the fix and to understand the deployment scope. 7. Consider deploying rate limiting on DTLS handshake requests to reduce the risk of DoS attacks exploiting this vulnerability. 8. Educate security teams about this specific vulnerability to enhance incident response readiness.