CVE-2025-59410 – Dragonfly tiny file download uses hard coded HTTP protocol

CVE ID : CVE-2025-59410

Published : Sept. 17, 2025, 8:15 p.m. | 44 minutes ago

Description : Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing the network request so that a different piece of data gets downloaded. This vulnerability is fixed in 2.1.0.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…