CVE-2025-53604

Published: Jul 5, 2025
Updated: Jul 8, 2025
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-53604" target="_blank" rel="noopener"> CVE-2025-53604
GHSA: <a href="https://github.com/advisories/GHSA-287x-9rff-qvcg" target="_blank" rel="noopener"> GHSA-287x-9rff-qvcg
Severity: Medium
Exploit:

The web-push crate before 0.10.3 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header.