
CVE-2025-65502: n/a

Severity: Medium
Type: Vulnerability
Published: Mon Nov 24 2025 (11/24/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

Null pointer dereference in add_ca_certs() in Cesanta Mongoose before 7.2 allows remote attackers to cause a denial of service via TLS initialization where SSL_CTX_get_cert_store() returns NULL.

AI-Powered Analysis

Last updated: 12/01/2025, 14:38:18 UTC

Technical Analysis

CVE-2025-65502 identifies a null pointer dereference vulnerability in the add_ca_certs() function of Cesanta Mongoose versions prior to 7.2. The issue arises during TLS initialization when the function SSL_CTX_get_cert_store() returns a NULL pointer, which is not properly checked before dereferencing. This leads to a crash of the application or service using Mongoose, resulting in a denial of service (DoS) condition. The vulnerability can be triggered remotely by an attacker who can initiate TLS connections to the affected service, requiring no privileges and only limited user interaction. The flaw is categorized under CWE-476 (NULL Pointer Dereference), which typically causes application crashes and potential service outages. While the vulnerability does not compromise confidentiality or integrity, it impacts availability by causing unexpected termination of processes handling TLS connections. No patches or exploits are currently documented, but the issue is publicly disclosed with a medium severity CVSS score of 4.3. Cesanta Mongoose is widely used in embedded systems, IoT devices, and networked applications, making this vulnerability relevant for environments relying on secure communications. Proper error handling and validation of SSL context certificate stores are essential to prevent this issue.

Potential Impact

The primary impact of CVE-2025-65502 is denial of service, which can disrupt availability of services relying on Cesanta Mongoose for TLS communications. European organizations deploying Mongoose in IoT devices, embedded systems, or networked applications may experience service interruptions, potentially affecting critical infrastructure or business operations. Although the vulnerability does not expose sensitive data or allow unauthorized access, repeated exploitation could degrade trust in affected services and cause operational downtime. In sectors such as manufacturing, healthcare, or smart city infrastructure, where Mongoose might be embedded, this could lead to significant operational challenges. The ease of remote exploitation without authentication increases the risk profile, especially for exposed network services. However, the requirement for user interaction (e.g., initiating a TLS handshake) somewhat limits automated exploitation. Overall, the impact is moderate but relevant for organizations with critical TLS-dependent services using the affected library.

Mitigation Recommendations

1. Upgrade Cesanta Mongoose to version 7.2 or later once the patch addressing this vulnerability is released.
2. In the interim, implement additional error handling around TLS initialization code to verify that SSL_CTX_get_cert_store() does not return NULL before dereferencing.
3. Employ network-level protections such as rate limiting and firewall rules to restrict access to services using Mongoose, reducing exposure to malicious TLS connection attempts.
4. Monitor logs for abnormal TLS handshake failures or crashes that may indicate exploitation attempts.
5. For embedded or IoT devices, ensure secure firmware update mechanisms are in place to deploy patches promptly.
6. Conduct code audits on custom integrations of Mongoose to identify and remediate similar null pointer dereference risks.
7. Educate developers on secure TLS initialization practices and proper validation of SSL context components.
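
The check in recommendation 2, as an added example that is not Mongoose's code: the store lookup is validated before use, and a failure closes the single connection instead of crashing the process. All type and function names here (`store_of`, `add_ca_certs_checked`, `tls_init`, `struct conn`) are hypothetical stand-ins so the example builds without OpenSSL, and the PEM bundle is constructed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-ins so this builds without OpenSSL; store_of() plays
   the role of SSL_CTX_get_cert_store() and may return NULL. */
struct cert_store { int count; };
struct tls_ctx { struct cert_store *store; };
struct conn { struct tls_ctx *ctx; int is_closing; const char *err; };

/* Constructed sample bundle (marker lines only, not real certificates). */
static const char SAMPLE_PEM[] =
    "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nBBBB\n-----END CERTIFICATE-----\n";

struct cert_store *store_of(struct tls_ctx *ctx) {
  return ctx ? ctx->store : NULL;
}

#if 0 /* Unchecked pattern (CWE-476), kept out of the build. */
void add_ca_certs_unchecked(struct tls_ctx *ctx) {
  store_of(ctx)->count++; /* crashes when the store is NULL */
}
#endif

/* Checked form: returns the number of certificates added, or -1. */
int add_ca_certs_checked(struct tls_ctx *ctx, const char *pem) {
  static const char begin[] = "-----BEGIN CERTIFICATE-----";
  struct cert_store *s = store_of(ctx);
  int added = 0;
  if (s == NULL || pem == NULL) return -1; /* validate before any use */
  for (const char *p = strstr(pem, begin); p != NULL;
       p = strstr(p + sizeof(begin) - 1, begin)) {
    s->count++; /* stand-in for adding one parsed certificate */
    added++;
  }
  return added > 0 ? added : -1;
}

/* A failed TLS init closes this one connection; the process keeps running. */
int tls_init(struct conn *c, const char *ca_pem) {
  if (add_ca_certs_checked(c->ctx, ca_pem) < 0) {
    c->is_closing = 1;
    c->err = "TLS init failed: no certificate store or empty CA bundle";
    return -1;
  }
  return 0;
}
```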


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-11-18T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 692467ebff33e781bff0e382

Added to database: 11/24/2025, 2:12:59 PM

Last enriched: 12/1/2025, 2:38:18 PM

Last updated: 1/9/2026, 2:09:51 AM
