QUIC-LEAK (CVE-2025-54939): New High-Risk Pre-Handshake Remote Denial of Service in LSQUIC QUIC Implementation
Imperva Offensive team discovered that threat actors could smuggle malformed packets to exhaust memory and crash QUIC servers even before a connection handshake is established, therefore, bypassing QUIC connection-level safeguards. Executive Summary QUIC-LEAK (CVE-2025-54939) is a newly discovered pre-handshake memory exhaustion vulnerability in the LSQUIC QUIC implementation, the second most widely used implementation after Quiche. […]
