CVE-2025-59351

Dragonfly possibly panics due to nil pointer dereference when using variables created alongside an error

Description

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the first return value of a function is dereferenced even when the function returns an error. This can result in a nil dereference, and cause code to panic. This vulnerability is fixed in 2.1.0.

INFO

Published Date :

2025-09-17T19:46:41.322Z

Last Modified :

2025-09-18T17:42:35.283Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2025-59351 vulnerability.

Vendors	Products
Dragonflyoss	Dragonfly2
Linuxfoundation	Dragonfly

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-59351.

URL	Resource
https://github.com/dragonflyoss/dragonfly/blob/main/docs/security/dragonfly-comprehensive-report-2023.pdf
https://github.com/dragonflyoss/dragonfly/security/advisories/GHSA-4mhv-8rh3-4ghw

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact