CVE-2025-65501: n/a
Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL.
AI Analysis
Technical Summary
CVE-2025-65501 is a vulnerability identified in libcoap version 4.3.5, specifically within the coap_dtls_info_callback() function. The issue arises from a null pointer dereference triggered when the function SSL_get_app_data() returns NULL during a DTLS handshake. This causes the application to dereference a null pointer, leading to a crash and resulting in a denial of service (DoS) condition. The vulnerability is exploitable remotely without requiring any privileges, but it does require user interaction in the form of initiating a DTLS handshake with the vulnerable server or device. The vulnerability is categorized under CWE-476 (NULL Pointer Dereference). The CVSS v3.1 base score is 4.3, reflecting a medium severity level, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), and impact limited to availability (A:L). There are currently no known exploits in the wild, and no patches have been linked yet, indicating that vendors and users should prioritize monitoring and mitigation efforts. Libcoap is widely used in IoT and constrained environments to implement the CoAP protocol, often secured by DTLS, making this vulnerability relevant to devices and services relying on these technologies. The denial of service could disrupt communication and availability of constrained devices or services that use libcoap for secure CoAP messaging.
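The failure mode described above, as an added C example that is not libcoap or OpenSSL code: a handshake-event callback that dereferences the connection's application data unguarded, beside a variant that checks for NULL first. `tls_conn`, `conn_app_data()`, `session_t` and the `CB_*` flags are hypothetical stand-ins for the SSL object, SSL_get_app_data(), the per-session state and the handshake event flags.

```c
/* Added model of the failure mode; all names here are hypothetical stand-ins. */
#include <stddef.h>
#include <stdio.h>

enum { CB_HANDSHAKE_START = 0x10, CB_HANDSHAKE_DONE = 0x20 };

typedef struct { int handshakes_started; int established; } session_t;
typedef struct { void *app_data; } tls_conn;   /* app_data may never be set */

/* Stand-in for SSL_get_app_data(): returns whatever was attached, or NULL. */
static void *conn_app_data(const tls_conn *c) { return c ? c->app_data : NULL; }

/* Unguarded pattern: assumes a session is always attached to the connection. */
void info_cb_unguarded(const tls_conn *c, int where) {
    session_t *s = conn_app_data(c);
    if (where & CB_HANDSHAKE_START) s->handshakes_started++;  /* NULL deref */
    if (where & CB_HANDSHAKE_DONE)  s->established = 1;
}

/* Guarded pattern: a missing session means there is no state to update.
 * Returns 1 if session state was updated, 0 if the event was skipped. */
int info_cb_guarded(const tls_conn *c, int where) {
    session_t *s = conn_app_data(c);
    if (s == NULL) {
        fprintf(stderr, "info callback: no session attached, event 0x%x skipped\n",
                (unsigned)where);
        return 0;
    }
    if (where & CB_HANDSHAKE_START) s->handshakes_started++;
    if (where & CB_HANDSHAKE_DONE)  s->established = 1;
    return 1;
}

int main(void) {
    session_t sess = {0, 0};
    tls_conn attached = { &sess };
    tls_conn bare = { NULL };                       /* constructed: no app data */
    info_cb_guarded(&attached, CB_HANDSHAKE_START);
    info_cb_guarded(&attached, CB_HANDSHAKE_DONE);
    info_cb_guarded(&bare, CB_HANDSHAKE_START);     /* skipped, process survives */
    printf("started=%d established=%d\n", sess.handshakes_started, sess.established);
    return 0;
}
```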
Potential Impact
For European organizations, the primary impact of CVE-2025-65501 is a denial of service condition affecting devices and services using libcoap 4.3.5 with DTLS enabled. This can disrupt availability of IoT devices, industrial control systems, and other constrained environment applications relying on CoAP for communication. Critical infrastructure sectors such as energy, manufacturing, and smart city deployments that utilize constrained devices for monitoring and control could experience service interruptions. While confidentiality and integrity are not directly impacted, the loss of availability could lead to operational disruptions, delayed responses, and potential cascading effects in automated systems. The medium severity score reflects the limited scope of impact but acknowledges the ease of remote exploitation without privileges. Organizations with large IoT deployments or those integrating constrained devices into their networks should assess their exposure and readiness to respond to potential DoS attacks exploiting this vulnerability.
Mitigation Recommendations
1. Monitor network traffic for abnormal DTLS handshake failures or repeated connection attempts that could indicate exploitation attempts.
2. Apply vendor patches or updates for libcoap as soon as they become available to address the null pointer dereference.
3. Implement network-level protections such as rate limiting, firewall rules, or intrusion prevention systems to restrict unsolicited DTLS handshake attempts from untrusted sources.
4. Segment IoT and constrained device networks to limit exposure to external attackers and reduce the blast radius of potential DoS attacks.
5. Conduct regular security assessments and penetration testing focusing on IoT and constrained protocol implementations to identify similar weaknesses.
6. Engage with device and software vendors to confirm usage of libcoap versions and request security updates if necessary.
7. Prepare incident response plans that include procedures for mitigating DoS attacks on constrained devices and services.
8. Educate operational technology and IoT teams about this vulnerability and encourage proactive monitoring and patch management.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 692467ebff33e781bff0e37e
Added to database: 11/24/2025, 2:12:59 PM
Last enriched: 12/1/2025, 2:38:03 PM
Last updated: 1/8/2026, 8:11:29 PM