CVE-2025-65501: n/a
Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL.
AI Analysis
Technical Summary
CVE-2025-65501 identifies a null pointer dereference vulnerability in the coap_dtls_info_callback() function of libcoap version 4.3.5. Libcoap is an open-source implementation of the Constrained Application Protocol (CoAP), widely used in IoT and embedded systems for lightweight communication. The vulnerability arises when the DTLS handshake process calls SSL_get_app_data(), which may return NULL. The coap_dtls_info_callback() function does not properly check for this NULL return value before dereferencing it, leading to a null pointer dereference. This causes the application to crash, resulting in a denial of service condition. The flaw can be triggered remotely by an attacker initiating a DTLS handshake with a specially crafted request, requiring no authentication or user interaction. Although no exploits are currently known in the wild, the vulnerability could be leveraged to disrupt services relying on libcoap, especially in environments where DTLS-secured CoAP communication is critical. The absence of a CVSS score indicates that the vulnerability is newly published and not yet fully assessed. The impact is primarily on availability, with no direct confidentiality or integrity compromise reported. The vulnerability affects libcoap 4.3.5, but the exact range of affected versions is not specified. No official patches or fixes are currently linked, so users must monitor vendor advisories or consider manual code audits and mitigations.
Potential Impact
For European organizations, the primary impact of CVE-2025-65501 is the potential for denial of service attacks against systems using libcoap 4.3.5 for DTLS-secured CoAP communications. This is particularly relevant for industries deploying IoT devices and embedded systems, such as smart manufacturing, utilities, healthcare, and smart city infrastructure. Disruptions could lead to loss of availability of critical services, operational downtime, and potential cascading effects in interconnected systems. Since CoAP is often used in constrained environments with limited resources, recovery from crashes may be slow or require manual intervention. The vulnerability does not directly expose sensitive data or allow unauthorized code execution, but the service interruptions could degrade trust and operational continuity. European organizations with large-scale IoT deployments or those integrating CoAP-based devices into their networks should be vigilant. The lack of known exploits reduces immediate risk, but proactive mitigation is advised to prevent future attacks.
Mitigation Recommendations
1. Monitor official libcoap repositories and vendor advisories for patches addressing CVE-2025-65501 and apply updates promptly once available.
2. In the interim, review and modify the coap_dtls_info_callback() implementation to add null checks for SSL_get_app_data() return values to prevent dereferencing NULL pointers.
3. Implement network-level protections such as rate limiting and anomaly detection on DTLS handshake traffic to identify and block suspicious connection attempts.
4. Segment IoT and embedded device networks to limit exposure and contain potential denial of service impacts.
5. Conduct thorough testing of IoT devices and applications using libcoap to identify if they are affected and validate stability under malformed DTLS handshake attempts.
6. Maintain robust incident response plans focused on availability disruptions in IoT environments.
7. Engage with device manufacturers and vendors to confirm their mitigation status and request updates if needed.
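The null check called for in recommendation 2, shown as an added example that is not libcoap's code. The names model_ssl_t, model_session_t and model_get_app_data() are hypothetical stand-ins for the OpenSSL handle, the per-session state and SSL_get_app_data(), so the block builds without either library.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-ins for the TLS handle and the per-session state (assumptions for
 * this example; not OpenSSL's or libcoap's real definitions). */
typedef struct { void *app_data; } model_ssl_t;
typedef struct { int started; int done; } model_session_t;
enum { MODEL_HANDSHAKE_START = 0x10, MODEL_HANDSHAKE_DONE = 0x20 };

/* Plays the role of SSL_get_app_data(): NULL when nothing is attached. */
static void *model_get_app_data(const model_ssl_t *ssl) { return ssl->app_data; }

/* Unchecked shape described in the advisory: the lookup result is
 * dereferenced directly, so a NULL return crashes the process. */
static void unchecked_info_cb(const model_ssl_t *ssl, int where) {
    model_session_t *s = model_get_app_data(ssl);
    if (where & MODEL_HANDSHAKE_START) s->started++;   /* NULL deref if s == NULL */
    if (where & MODEL_HANDSHAKE_DONE)  s->done++;
}

/* Hardened shape: test the lookup result first and drop the event when no
 * session is attached. Returns 1 if the event was recorded, 0 if dropped. */
static int checked_info_cb(const model_ssl_t *ssl, int where) {
    model_session_t *s = model_get_app_data(ssl);
    if (s == NULL)
        return 0;
    if (where & MODEL_HANDSHAKE_START) s->started++;
    if (where & MODEL_HANDSHAKE_DONE)  s->done++;
    return 1;
}

int main(void) {
    model_session_t sess = {0, 0};
    model_ssl_t bare = { NULL };        /* handle with no app data attached */
    model_ssl_t bound = { &sess };      /* handle with a session attached */

    /* The NULL case is only ever passed to the checked callback. */
    printf("bare handle recorded: %d\n", checked_info_cb(&bare, MODEL_HANDSHAKE_START));
    printf("bound handle recorded: %d\n", checked_info_cb(&bound, MODEL_HANDSHAKE_START));
    unchecked_info_cb(&bound, MODEL_HANDSHAKE_DONE);    /* safe: session present */
    printf("started=%d done=%d\n", sess.started, sess.done);
    return 0;
}
```

In a real audit the same test belongs at every call site that dereferences the SSL_get_app_data() result, not only in the info callback.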
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 692467ebff33e781bff0e37e
Added to database: 11/24/2025, 2:12:59 PM
Last enriched: 11/24/2025, 2:28:00 PM
Last updated: 11/24/2025, 4:48:59 PM