CVE-2025-54351: 
NixOS vulnerability analysis and mitigation

CVE-2025-54351 affects iperf versions before 3.19.1, specifically related to a buffer overflow vulnerability in net.c when using the --skip-rx-copy option with MSG_TRUNC in recv. The vulnerability was discovered and reported by Han Lee from Apple Information Security and was disclosed on July 25, 2025 (GitHub Release).

The vulnerability exists in the net.c file of iperf and manifests as a buffer overflow condition when the --skip-rx-copy option is used in conjunction with MSG_TRUNC in recv functionality. The issue has been assigned a CVSS v3.1 base score of 8.9 (HIGH) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L, indicating a network-accessible vulnerability with high complexity, no privileges required, and no user interaction needed (NVD).

The vulnerability can lead to buffer overflow conditions, potentially allowing attackers to execute arbitrary code or cause system crashes. The CVSS score indicates that successful exploitation could result in high impacts to both confidentiality and integrity, with a low impact on availability (NVD).

Users are strongly advised to upgrade to iperf version 3.19.1 or later, which contains the fix for this vulnerability. The patch modifies the handling of MSG_TRUNC in the recv functionality to prevent buffer overflow conditions (GitHub Release).