CVE-2025-53537: 
Linux Debian vulnerability analysis and mitigation

LibHTP, a security-aware parser for the HTTP protocol, contains a vulnerability (CVE-2025-53537) in versions 0.5.50 and below. The vulnerability was discovered and disclosed on July 23, 2025, affecting the memory management functionality of the LibHTP parser. This security issue specifically impacts the LZMA decompression feature of the library (GitHub Advisory).

The vulnerability is classified as CWE-401 (Missing Release of Memory after Effective Lifetime) and has received a CVSS v3.1 base score of 7.5 (High). The vulnerability vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating that it can be exploited over the network with low attack complexity, requires no privileges or user interaction, and primarily impacts system availability (NVD).

The vulnerability manifests as a traffic-induced memory leak that can starve the process of memory, ultimately leading to loss of visibility in the affected systems. This primarily affects the availability of the system without compromising confidentiality or integrity (GitHub Advisory).

A fix has been released in version 0.5.51 of LibHTP. For users unable to upgrade immediately, a workaround is available by setting 'suricata.yaml app-layer.protocols.http.libhtp.default-config.lzma-enabled' to false. This configuration change will disable the LZMA feature that contains the vulnerability (GitHub Advisory).

The vulnerability has been acknowledged by multiple security organizations, including CERT-FR, which issued an advisory (CERTFR-2025-AVI-0572) to alert users about the security implications (CERT-FR).