In April 2025, Cloudflare fixed two security vulnerabilities (CVE-2025-4820 and CVE-2025-4821) in quiche, its open-source implementation of the QUIC protocol. Both were identified through Cloudflare's Public Bug Bounty program. The vulnerabilities involved DDoS risks related to packet acknowledgement (ACK) handling: the lack of ACK validation could let an attacker artificially inflate send rates and gain an unfair network advantage. Neither vulnerability was exploited, and Cloudflare patched both promptly by enhancing ACK range validation and implementing a dynamic, congestion window (CWND)-aware skip frequency to mitigate attacks such as the Optimistic ACK attack. This approach preserves fairness and prevents malicious clients from consuming network resources excessively. Cloudflare also collaborated with the researchers who disclosed the vulnerabilities, which helped bolster security across multiple QUIC implementations.
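The two mitigations named above can be sketched from the sender's side. This is an added example, not quiche's code. The names `Sender`, `send_packet`, `validate_ack` and `AckError` are hypothetical, and the policy of skipping one packet number per congestion window of packets sent is an assumption chosen to keep the run deterministic.

```rust
use std::collections::BTreeSet;
use std::ops::RangeInclusive;
#[derive(Debug, PartialEq)]
enum AckError {
    BeyondLargestSent(u64),   // ACK covers a number above the largest sent
    SkippedPacketNumber(u64), // ACK covers a number that was never sent
}
struct Sender {
    next_pn: u64,
    sent_since_skip: u64,
    cwnd_packets: u64, // congestion window, expressed in packets
    skipped: BTreeSet<u64>,
}
impl Sender {
    fn new(cwnd_packets: u64) -> Self {
        Sender { next_pn: 0, sent_since_skip: 0, cwnd_packets, skipped: BTreeSet::new() }
    }
    // Assumed policy: skip one number per congestion window of packets sent,
    // so the skip interval follows CWND. A real sender would randomize it.
    fn send_packet(&mut self) -> u64 {
        if self.sent_since_skip >= self.cwnd_packets.max(1) {
            self.skipped.insert(self.next_pn);
            self.next_pn += 1;
            self.sent_since_skip = 0;
        }
        self.next_pn += 1;
        self.sent_since_skip += 1;
        self.next_pn - 1
    }
    // A receiver ACKing data it has not seen cannot know which numbers were
    // skipped, so an ACK covering one of them is rejected.
    fn validate_ack(&self, ranges: &[RangeInclusive<u64>]) -> Result<(), AckError> {
        for r in ranges.iter().filter(|r| !r.is_empty()) {
            if *r.end() >= self.next_pn {
                return Err(AckError::BeyondLargestSent(*r.end()));
            }
            if let Some(&pn) = self.skipped.range(r.clone()).next() {
                return Err(AckError::SkippedPacketNumber(pn));
            }
        }
        Ok(())
    }
}

fn main() {
    let mut s = Sender::new(4);
    let sent: Vec<u64> = (0..6).map(|_| s.send_packet()).collect();
    println!("sent {:?}, ACK 0..=6 -> {:?}", sent, s.validate_ack(&[0..=6]));
}
```

On either error a sender would stop crediting the ACK to its congestion controller and close the connection; RFC 9000 section 13.1 recommends treating an acknowledgement for an unsent packet as a PROTOCOL_VIOLATION connection error.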