CVE-2025-59350

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-59350
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59350.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-59350
Aliases
Downstream
Related
Published
2025-09-17T19:43:24Z
Modified
2025-10-28T23:52:05.986881Z
Severity
  • 2.7 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator
Summary
Timing attacks against Proxy’s basic authentication are possible
Details

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time by sending all possible characters to a vulnerable mechanism and measuring the comparison instruction’s execution times. This vulnerability is fixed in 2.1.0.

Database specific 
{
    "cwe_ids": [
        "CWE-208"
    ]
}
References

Affected packages

Git / github.com/dragonflyoss/dragonfly

Affected ranges

Type
GIT
Repo
https://github.com/dragonflyoss/dragonfly
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8f6f20b604bb540c39db5fb7020926e6db2dd9c8
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.1.0"
        }
    ]
}

Affected versions

v2.*

v2.1.0-beta.1
v2.1.0-beta.2
v2.1.0-beta.3
v2.1.0-beta.4
v2.1.0-rc.0

Git / github.com/dragonflyoss/dragonfly2

Affected ranges

Type
GIT
Repo
https://github.com/dragonflyoss/dragonfly2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8f6f20b604bb540c39db5fb7020926e6db2dd9c8

Affected versions

v2.*

v2.1.0-beta.1
v2.1.0-beta.2
v2.1.0-beta.3
v2.1.0-beta.4
v2.1.0-rc.0