CVE-2025-53629: 
Homebrew vulnerability analysis and mitigation

CVE-2025-53629 affects cpp-httplib, a C++11 single-file header-only cross platform HTTP/HTTPS library. The vulnerability was discovered and disclosed on July 10, 2025, where incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily in the server, potentially leading to its exhaustion. This vulnerability affects versions prior to 0.23.0 (GitHub Advisory).

The vulnerability stems from the library's handling of chunked transfer encoding requests. While version 0.20.1 attempted to fix unbounded line length issues, the core vulnerability persisted as the library failed to enforce a total limit on the accumulated length of chunks from a single request. The vulnerability has a CVSS v3.1 score of 7.5 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating it can be exploited remotely without requiring privileges or user interaction (GitHub Advisory).

The primary impacts of this vulnerability are Denial of Service (DoS) and resource exhaustion. An attacker can cause the server process to consume excessive memory until it crashes or becomes unresponsive. In multi-tenant systems, this can affect other applications by consuming system resources (GitHub Advisory).

The vulnerability has been fixed in version 0.23.0 of cpp-httplib. The recommended mitigation is to upgrade to this version. For those unable to upgrade immediately, the suggested workaround is to enforce a limit on the total accumulated length of chunks from one request (GitHub Advisory).