
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-54350 is a security vulnerability discovered in iperf versions before 3.19.1, specifically affecting the authentication mechanism. The vulnerability was identified in the iperf_auth.c file, where a Base64Decode assertion failure occurs upon malformed authentication attempts. The issue was reported by Han Lee from Apple Information Security and was disclosed on July 25, 2025 (GitHub Release).
The vulnerability stems from an assertion check in the Base64Decode function within iperf_auth.c that triggers a failure and causes the application to exit when it encounters malformed authentication attempts. The vulnerability has been assigned a CVSS v3.1 score of 3.7 (LOW) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L. The weakness has been classified as CWE-617 (Reachable Assertion) (NVD).
When exploited, this vulnerability causes the iperf application to exit unexpectedly upon receiving malformed authentication attempts. This can result in a denial of service condition, affecting the availability of the iperf service (NVD).
The vulnerability has been fixed in iperf version 3.19.1 by removing the problematic assertion check. Users are strongly recommended to upgrade to version 3.19.1 or later to address this security issue (GitHub Release).
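The reachable-assertion pattern (CWE-617) described above, as an added C illustration that is not iperf's source code: `decode_asserting` lets peer-supplied input decide whether an `assert` holds, while `decode_checked` reports malformed input as an ordinary error the caller can turn into a rejected authentication attempt. The decoder and all function names are hypothetical.

```c
#include <assert.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: 6-bit value of one Base64 character, -1 if invalid. */
static int b64_val(unsigned char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Hardened form: malformed input is an error return (-1), never an abort. */
int decode_checked(const char *in, unsigned char *out, size_t cap) {
    size_t n = strlen(in), pad = 0, o = 0;
    if (n == 0 || n % 4 != 0) return -1;       /* empty or truncated token */
    if (in[n - 1] == '=') {
        pad++;
        if (in[n - 2] == '=') pad++;
    }
    size_t total = (n / 4) * 3 - pad;
    if (total > cap) return -1;                /* would overflow caller buffer */
    for (size_t i = 0; i < n; i += 4) {
        unsigned v = 0;
        for (size_t j = 0; j < 4; j++) {
            /* trailing '=' contribute zero bits; '=' anywhere else is invalid */
            int d = (i + j >= n - pad) ? 0 : b64_val((unsigned char)in[i + j]);
            if (d < 0) return -1;
            v = (v << 6) | (unsigned)d;
        }
        for (int k = 0; k < 3 && o < total; k++)
            out[o++] = (unsigned char)(v >> (16 - 8 * k));
    }
    return (int)o;
}

/* Reachable-assertion form: the same condition is enforced with assert(),
 * so one malformed token from the network terminates the whole process. */
int decode_asserting(const char *in, unsigned char *out, size_t cap) {
    int len = decode_checked(in, out, cap);
    assert(len >= 0);   /* input-dependent: must be an error path instead */
    return len;
}
```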
Source: This report was generated using AI