{"vulnerability": "CVE-2025-25193", "sightings": [{"uuid": "bf391b38-0096-4384-aeff-fb18b22d5a72", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25193", "type": "seen", "source": "https://bsky.app/profile/knaepp.bsky.social/post/3ll7jf2emfq2w", "content": "", "creation_timestamp": "2025-03-25T14:50:05.131923Z"}, {"uuid": "85e65915-a7e5-4d95-8e03-566ebc654d76", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25193", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/bbcbc485-b88d-4831-b8e9-6e37e7bd9875", "content": "", "creation_timestamp": "2026-01-21T21:18:16.771453Z"}, {"uuid": "d79f2033-03af-4210-b997-b39d1e6784fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25193", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4939", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25193\n\ud83d\udd25 CVSS Score: 5.5 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crash. A similar issue was previously reported as CVE-2024-47535. This issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit. Commit d1fbda62d3a47835d3fb35db8bd42ecc205a5386 contains an updated fix.\n\ud83d\udccf Published: 2025-02-10T22:02:17.197Z\n\ud83d\udccf Modified: 2025-02-21T18:03:38.211Z\n\ud83d\udd17 References:\n1. https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx\n2. https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386", "creation_timestamp": "2025-02-21T18:18:54.000000Z"}, {"uuid": "8076b2e8-bc96-47f6-87ae-20e907f198a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25193", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113981856193211167", "content": "", "creation_timestamp": "2025-02-10T22:05:01.096585Z"}, {"uuid": "17f0527e-7a19-4b36-8c58-4b2ea796cc37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25193", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lhu6b5ecvd2x", "content": "", "creation_timestamp": "2025-02-10T22:16:10.784346Z"}, {"uuid": "c1ca3e9b-ff28-4d97-8b73-38516459d1df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25193", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lhueufbheg2t", "content": "", "creation_timestamp": "2025-02-11T00:14:22.140751Z"}, {"uuid": "32837a26-804c-47fe-a44b-b161448a55a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25193", "type": "seen", "source": "https://bsky.app/profile/knaepp.bsky.social/post/3llbfqbd4ju2w", "content": "", "creation_timestamp": "2025-03-26T08:50:06.140999Z"}, {"uuid": "5d04c0bd-f729-4e81-a5ba-21ebc56c92d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25193", "type": "seen", "source": "https://bsky.app/profile/gcpweekly.bsky.social/post/3lzzeuwgnak2r", "content": "", "creation_timestamp": "2025-09-30T01:31:25.718128Z"}, {"uuid": "184042c7-c183-46db-8e0f-8ffd818b8128", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25193", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/4455", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-25193\n\ud83d\udd25 CVSS Score: 5.4 (CVSS_V3)\n\ud83d\udd39 Description: ### Summary\nAn unsafe reading of environment file could potentially cause a denial of service in Netty.\nWhen loaded on an Windows application, Netty attemps to load a file that does not exist. If an attacker creates such a large file, the Netty application crash.\n\n### Details\nA similar issue was previously reported in https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv\nThis issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit.\n\n\n### PoC\nThe PoC is the same as for https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv with the detail that the file should only contain null-bytes; 0x00.\nWhen the null-bytes are encountered by the `InputStreamReader`, it will issue replacement characters in its charset decoding, which will fill up the line-buffer in the `BufferedReader.readLine()`, because the replacement character is not a line-break character.\n\n### Impact\nImpact is the same as https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv\n\ud83d\udccf Published: 2025-02-10T18:14:47Z\n\ud83d\udccf Modified: 2025-02-14T15:02:31Z\n\ud83d\udd17 References:\n1. https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx\n2. https://nvd.nist.gov/vuln/detail/CVE-2025-25193\n3. https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386\n4. https://github.com/netty/netty", "creation_timestamp": "2025-02-14T15:15:16.000000Z"}, {"uuid": "7f9dcc75-2de9-4d7e-90f4-94dd5aeb81aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25193", "type": "seen", "source": "https://bsky.app/profile/knaepp.bsky.social/post/3ll7sd5r3b72s", "content": "", "creation_timestamp": "2025-03-25T17:30:05.258089Z"}, {"uuid": "df9d38a6-c168-43c4-b6e0-204f5f14ef95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25193", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1729", "content": "", "creation_timestamp": "2026-01-21T04:00:00.000000Z"}, {"uuid": "ef48fa6a-23dd-44d8-9f8e-f9a968a97bd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-25193", "type": "seen", "source": "https://t.me/cvedetector/17614", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-25193 - Netty Windows Environment File Denial of Service (DoS)\", \n  \"Content\": \"CVE ID : CVE-2025-25193 \nPublished : Feb. 10, 2025, 10:15 p.m. | 1\u00a0hour, 29\u00a0minutes ago \nDescription : Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crash. A similar issue was previously reported as CVE-2024-47535. This issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit. Commit d1fbda62d3a47835d3fb35db8bd42ecc205a5386 contains an updated fix. \nSeverity: 5.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"11 Feb 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-02-11T01:27:23.000000Z"}]}