CVE-2025-65500: n/a
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
AI Analysis
Technical Summary
The vulnerability identified as CVE-2025-65500 affects the OISM libcoap 4.3.5 library, which is widely used for Constrained Application Protocol (CoAP) implementations, especially in IoT and embedded systems. The flaw exists in the coap_dtls_generate_cookie() function in the src/coap_openssl.c source file. During the DTLS handshake, the function calls SSL_get_SSL_CTX(), which can return a NULL pointer under crafted handshake conditions. The code does not check for this NULL return, leading to a NULL pointer dereference. This results in a denial of service by crashing the application or causing it to become unresponsive. The attack vector is remote and does not require prior authentication, as it exploits the handshake mechanism itself. The vulnerability impacts the availability of services relying on libcoap for secure communication over DTLS. No CVSS score has been assigned yet, and no public exploits have been reported. The vulnerability highlights the importance of robust error handling in cryptographic handshake implementations, especially in libraries used in resource-constrained environments. Since libcoap is commonly integrated into IoT devices and gateways, the vulnerability could disrupt critical communications in industrial, smart city, and other IoT deployments.
Potential Impact
For European organizations, the primary impact of CVE-2025-65500 is a denial of service condition that can disrupt IoT and constrained device communications relying on libcoap 4.3.5. This could affect industrial control systems, smart building management, healthcare devices, and other critical infrastructure that use CoAP over DTLS for secure messaging. The loss of availability may lead to operational downtime, safety risks, and potential cascading failures in interconnected systems. Since the vulnerability can be triggered remotely without authentication, attackers can exploit it from outside the network perimeter, increasing the risk of widespread disruption. Organizations with large-scale IoT deployments or those in sectors like manufacturing, energy, and transportation are particularly at risk. The impact on confidentiality and integrity is minimal, as the flaw does not allow code execution or data manipulation but solely causes service interruption. However, the operational impact of DoS in critical environments can be severe, especially if mitigation or patching is delayed.
Mitigation Recommendations
To mitigate CVE-2025-65500, organizations should prioritize updating libcoap to a version where this vulnerability is patched once it becomes available. In the absence of an official patch, developers should implement defensive coding practices by adding NULL checks after SSL_get_SSL_CTX() calls to prevent dereferencing NULL pointers. Network administrators should consider deploying DTLS handshake anomaly detection and filtering mechanisms at the network edge to block malformed handshake attempts that could trigger the vulnerability. Additionally, segmenting IoT networks and applying strict access controls can limit exposure to untrusted sources. Monitoring logs for unusual DTLS handshake failures can provide early warning of exploitation attempts. For critical environments, temporary workarounds may include disabling DTLS or using alternative secure communication protocols until a fix is applied. Coordinated vulnerability disclosure and communication with device vendors using libcoap are essential to ensure timely remediation.
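A model of the NULL check recommended above, added here as an illustration; it is not libcoap's code or its patch. The demo_* types and functions are hypothetical stand-ins for OpenSSL's SSL, SSL_CTX and SSL_get_SSL_CTX(), and the FNV-1a mix stands in for the keyed MAC a real cookie would use.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins (assumptions) for OpenSSL's SSL_CTX and SSL objects. */
typedef struct { const uint8_t *secret; size_t secret_len; } demo_ctx;
typedef struct { demo_ctx *ctx; const uint8_t *peer; size_t peer_len; } demo_ssl;

/* Models SSL_get_SSL_CTX(), which per the advisory can return NULL. */
static demo_ctx *demo_get_ctx(const demo_ssl *ssl) { return ssl ? ssl->ctx : NULL; }

/* FNV-1a step; a toy stand-in for a real keyed MAC, not for production. */
static uint64_t fnv1a(uint64_t h, const uint8_t *p, size_t n) {
  while (n--) h = (h ^ *p++) * 1099511628211ULL;
  return h;
}

/* Cookie callback in the OpenSSL convention: 1 = cookie written,
 * 0 = failure, which aborts this one handshake instead of crashing. */
int demo_generate_cookie(const demo_ssl *ssl, uint8_t *cookie,
                         unsigned int *cookie_len) {
  if (!ssl || !cookie || !cookie_len) return 0;
  demo_ctx *ctx = demo_get_ctx(ssl);
  if (ctx == NULL) return 0;                 /* the check the advisory asks for */
  if (!ctx->secret || !ssl->peer) return 0;  /* nothing to bind the cookie to */
  uint64_t h = fnv1a(14695981039346656037ULL, ctx->secret, ctx->secret_len);
  h = fnv1a(h, ssl->peer, ssl->peer_len);
  memcpy(cookie, &h, sizeof h);
  *cookie_len = (unsigned int)sizeof h;
  return 1;
}

int main(void) {
  /* Constructed sample values. */
  static const uint8_t secret[] = "constructed-secret", peer[] = {192, 0, 2, 1};
  demo_ctx ctx = { secret, sizeof secret };
  demo_ssl ok = { &ctx, peer, sizeof peer }, orphan = { NULL, peer, sizeof peer };
  uint8_t cookie[8];
  unsigned int len = 0;
  printf("valid session: %d\n", demo_generate_cookie(&ok, cookie, &len));
  printf("NULL context:  %d\n", demo_generate_cookie(&orphan, cookie, &len));
  return 0;
}
```

Returning 0 from the callback fails only the offending handshake, so a malformed peer costs one rejected connection rather than the whole process.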
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 692467ebff33e781bff0e37a
Added to database: 11/24/2025, 2:12:59 PM
Last enriched: 11/24/2025, 2:28:17 PM
Last updated: 11/24/2025, 4:27:57 PM