Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2025-AVI-0896
Vulnerability from certfr_avis - Published: 2025-10-17 - Updated: 2025-10-17
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.4.x antérieures à 6.4.0.4 | ||
| IBM | Cloud Pak | Cloud Pak for Security versions antérieures à 1.11.5.0 | ||
| IBM | QRadar | QRadar Investigation Assistant versions antérieures à 1.2.0 | ||
| IBM | WebSphere | WebSphere eXtreme Scale versions 8.6.1.x sans le correctif APAR PH68446 | ||
| IBM | QRadar Suite Software | QRadar Suite Software versions antérieures à 1.11.5.0 | ||
| IBM | Security QRadar EDR | Security QRadar EDR versions antérieures à 3.12.19 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.3.x antérieures à 6.3.0.15 | ||
| IBM | Sterling Connect:Direct | Sterling Connect:Direct Web Services versions 6.2.x antérieures à 6.2.0.29 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Direct Web Services versions 6.4.x ant\u00e9rieures \u00e0 6.4.0.4",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions ant\u00e9rieures \u00e0 1.11.5.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Investigation Assistant versions ant\u00e9rieures \u00e0 1.2.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere eXtreme Scale versions 8.6.1.x sans le correctif APAR PH68446",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions ant\u00e9rieures \u00e0 1.11.5.0",
"product": {
"name": "QRadar Suite Software",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.19",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.3.x ant\u00e9rieures \u00e0 6.3.0.15",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Connect:Direct Web Services versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.29",
"product": {
"name": "Sterling Connect:Direct",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2025-27818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27818"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"name": "CVE-2025-46548",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46548"
},
{
"name": "CVE-2025-27817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27817"
},
{
"name": "CVE-2023-32082",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32082"
},
{
"name": "CVE-2025-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
},
{
"name": "CVE-2019-9674",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9674"
},
{
"name": "CVE-2024-6866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6866"
},
{
"name": "CVE-2025-1647",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
},
{
"name": "CVE-2020-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
},
{
"name": "CVE-2024-12798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
},
{
"name": "CVE-2025-49125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49125"
},
{
"name": "CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"name": "CVE-2018-8740",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8740"
},
{
"name": "CVE-2025-30754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2025-49826",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49826"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-30474",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30474"
},
{
"name": "CVE-2025-4565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2024-21538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
},
{
"name": "CVE-2023-44389",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44389"
},
{
"name": "CVE-2022-38749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-6844",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6844"
},
{
"name": "CVE-2024-12801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
},
{
"name": "CVE-2025-48976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
},
{
"name": "CVE-2025-48989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
},
{
"name": "CVE-2022-22968",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22968"
},
{
"name": "CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"name": "CVE-2025-27553",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27553"
},
{
"name": "CVE-2025-30761",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2024-6484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6484"
},
{
"name": "CVE-2025-48988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48988"
},
{
"name": "CVE-2025-47278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47278"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2025-1767",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1767"
},
{
"name": "CVE-2025-49005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49005"
},
{
"name": "CVE-2025-30218",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30218"
},
{
"name": "CVE-2023-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
},
{
"name": "CVE-2022-31628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31628"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2024-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7598"
},
{
"name": "CVE-2025-29927",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
},
{
"name": "CVE-2025-55668",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55668"
},
{
"name": "CVE-2022-38751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"name": "CVE-2025-46653",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46653"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2024-6827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2022-38750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
},
{
"name": "CVE-2025-53864",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53864"
},
{
"name": "CVE-2024-6839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6839"
},
{
"name": "CVE-2025-48997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48997"
},
{
"name": "CVE-2025-48387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48387"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2025-46392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46392"
},
{
"name": "CVE-2025-7338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
},
{
"name": "CVE-2024-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44906"
},
{
"name": "CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
},
{
"name": "CVE-2025-47273",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
}
],
"initial_release_date": "2025-10-17T00:00:00",
"last_revision_date": "2025-10-17T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0896",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247985",
"url": "https://www.ibm.com/support/pages/node/7247985"
},
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247975",
"url": "https://www.ibm.com/support/pages/node/7247975"
},
{
"published_at": "2025-10-14",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7247893",
"url": "https://www.ibm.com/support/pages/node/7247893"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7248127",
"url": "https://www.ibm.com/support/pages/node/7248127"
},
{
"published_at": "2025-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7248118",
"url": "https://www.ibm.com/support/pages/node/7248118"
}
]
}
CVE-2025-50106 (GCVE-0-2025-50106)
Vulnerability from cvelistv5 – Published: 2025-07-15 19:27 – Updated: 2026-02-26 17:50
VLAI
EPSS
Summary
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.
- CWE-noinfo Not enough information
Assigner
References
3 references
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Oracle Corporation | Oracle Java SE |
Affected:
8u451
Affected: 8u451-perf Affected: 11.0.27 Affected: 17.0.15 Affected: 21.0.7 Affected: 24.0.1 |
|
| Oracle Corporation | Oracle GraalVM for JDK |
Affected:
17.0.15
Affected: 21.0.7 Affected: 24.0.1 |
|
| Oracle Corporation | Oracle GraalVM Enterprise Edition |
Affected:
21.3.14
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-50106",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-16T03:56:15.326170Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:35.373Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:05:33.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00014.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Oracle Java SE",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "8u451"
},
{
"status": "affected",
"version": "8u451-perf"
},
{
"status": "affected",
"version": "11.0.27"
},
{
"status": "affected",
"version": "17.0.15"
},
{
"status": "affected",
"version": "21.0.7"
},
{
"status": "affected",
"version": "24.0.1"
}
]
},
{
"product": "Oracle GraalVM for JDK",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "17.0.15"
},
{
"status": "affected",
"version": "21.0.7"
},
{
"status": "affected",
"version": "24.0.1"
}
]
},
{
"product": "Oracle GraalVM Enterprise Edition",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "21.3.14"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:java_se:8u451:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:java_se:8u451:*:*:*:enterprise_performance:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:java_se:11.0.27:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:java_se:17.0.15:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:java_se:21.0.7:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:java_se:24.0.1:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.15:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.7:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:24.0.1:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.14:*:*:*:enterprise:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T19:27:51.820Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2025.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2025-50106",
"datePublished": "2025-07-15T19:27:51.820Z",
"dateReserved": "2025-06-11T22:56:56.114Z",
"dateUpdated": "2026-02-26T17:50:35.373Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-50181 (GCVE-0-2025-50181)
Vulnerability from cvelistv5 – Published: 2025-06-19 01:08 – Updated: 2025-12-22 18:44
VLAI
EPSS
Title
urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
Summary
urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/urllib3/urllib3/security/advis… | x_refsource_CONFIRM |
| https://github.com/urllib3/urllib3/commit/f05b132… | x_refsource_MISC |
| https://github.com/urllib3/urllib3/releases/tag/2.5.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-50181",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T16:45:50.408081Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T16:46:13.820Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "urllib3",
"vendor": "urllib3",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T18:44:17.668Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v"
},
{
"name": "https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857"
},
{
"name": "https://github.com/urllib3/urllib3/releases/tag/2.5.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/urllib3/urllib3/releases/tag/2.5.0"
}
],
"source": {
"advisory": "GHSA-pq67-6m6q-mj2v",
"discovery": "UNKNOWN"
},
"title": "urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-50181",
"datePublished": "2025-06-19T01:08:00.340Z",
"dateReserved": "2025-06-13T19:17:51.726Z",
"dateUpdated": "2025-12-22T18:44:17.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-50182 (GCVE-0-2025-50182)
Vulnerability from cvelistv5 – Published: 2025-06-19 01:42 – Updated: 2025-12-22 18:43
VLAI
EPSS
Title
urllib3 does not control redirects in browsers and Node.js
Summary
urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/urllib3/urllib3/security/advis… | x_refsource_CONFIRM |
| https://github.com/urllib3/urllib3/commit/7eb4a2a… | x_refsource_MISC |
| https://github.com/urllib3/urllib3/releases/tag/2.5.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-50182",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T16:55:48.101990Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T16:56:19.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "urllib3",
"vendor": "urllib3",
"versions": [
{
"status": "affected",
"version": "\u003e= 2.2.0, \u003c 2.5.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-22T18:43:46.779Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5"
},
{
"name": "https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f"
},
{
"name": "https://github.com/urllib3/urllib3/releases/tag/2.5.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/urllib3/urllib3/releases/tag/2.5.0"
}
],
"source": {
"advisory": "GHSA-48p4-8xcf-vxj5",
"discovery": "UNKNOWN"
},
"title": "urllib3 does not control redirects in browsers and Node.js"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-50182",
"datePublished": "2025-06-19T01:42:44.921Z",
"dateReserved": "2025-06-13T19:17:51.726Z",
"dateUpdated": "2025-12-22T18:43:46.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53864 (GCVE-0-2025-53864)
Vulnerability from cvelistv5 – Published: 2025-07-11 00:00 – Updated: 2025-09-23 18:38
VLAI
EPSS
Summary
Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the JSON object nesting depth, regardless of what limits (if any) were imposed by Gson.
Severity
5.8 (Medium)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-674 - Uncontrolled Recursion
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Connect2id | Nimbus JOSE+JWT |
Affected:
0 , < 10.0.2
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53864",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T13:28:35.322634Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T13:28:38.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/583/stackoverflowerror-due-to-deeply-nested"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Nimbus JOSE+JWT",
"vendor": "Connect2id",
"versions": [
{
"lessThan": "10.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the JSON object nesting depth, regardless of what limits (if any) were imposed by Gson."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "CWE-674 Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-23T18:38:15.547Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/583/stackoverflowerror-due-to-deeply-nested"
},
{
"url": "https://github.com/google/gson/compare/gson-parent-2.11.0...gson-parent-2.12.0"
},
{
"url": "https://github.com/google/gson/commit/1039427ff0100293dd3cf967a53a55282c0fef6b"
},
{
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f7fb882cc08f027c9ceb874acec3b51c6222861c"
},
{
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/593/back-port-cve-2025-53864-fix-to-9x-branch"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-53864",
"datePublished": "2025-07-11T00:00:00.000Z",
"dateReserved": "2025-07-11T00:00:00.000Z",
"dateUpdated": "2025-09-23T18:38:15.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-55668 (GCVE-0-2025-55668)
Vulnerability from cvelistv5 – Published: 2025-08-13 13:21 – Updated: 2025-11-04 21:13
VLAI
EPSS
Title
Apache Tomcat: session fixation via rewrite valve
Summary
Session Fixation vulnerability in Apache Tomcat via rewrite valve.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.
Older, EOL versions may also be affected.
Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-384 - Session Fixation
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Tomcat |
Affected:
11.0.0-M1 , ≤ 11.0.7
(semver)
Affected: 10.1.0-M1 , ≤ 10.1.41 (semver) Affected: 9.0.0.M1 , ≤ 9.0.105 (semver) Unknown: 8 , < 9.0.0.M1 (semver) Unknown: 10.0.0-M1 , ≤ 10.0.27 (semver) |
Credits
Greg K (https://github.com/gregk4sec)
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-55668",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-13T13:38:12.498649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-13T13:39:26.761Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:13:09.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/08/13/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Apache Tomcat",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "11.0.7",
"status": "affected",
"version": "11.0.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.1.41",
"status": "affected",
"version": "10.1.0-M1",
"versionType": "semver"
},
{
"lessThanOrEqual": "9.0.105",
"status": "affected",
"version": "9.0.0.M1",
"versionType": "semver"
},
{
"lessThan": "9.0.0.M1",
"status": "unknown",
"version": "8",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.0.27",
"status": "unknown",
"version": "10.0.0-M1",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Greg K (https://github.com/gregk4sec)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSession Fixation vulnerability in Apache Tomcat via rewrite valve.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\u003cbr\u003eOlder, EOL versions may also be affected.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.\u003c/p\u003e"
}
],
"value": "Session Fixation vulnerability in Apache Tomcat via rewrite valve.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.\nOlder, EOL versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "moderate"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-29T11:39:30.355Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Tomcat: session fixation via rewrite valve",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-55668",
"datePublished": "2025-08-13T13:21:35.743Z",
"dateReserved": "2025-08-13T12:16:36.881Z",
"dateUpdated": "2025-11-04T21:13:09.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-58754 (GCVE-0-2025-58754)
Vulnerability from cvelistv5 – Published: 2025-09-12 01:16 – Updated: 2026-01-16 14:50
VLAI
EPSS
Title
Axios is vulnerable to DoS attack through lack of data size check
Summary
Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: 'stream'`. Versions 0.30.2 and 1.12.0 contain a patch for the issue.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://github.com/axios/axios/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/axios/axios/pull/7011 | x_refsource_MISC |
| https://github.com/axios/axios/pull/7034 | x_refsource_MISC |
| https://github.com/axios/axios/commit/945435fc514… | x_refsource_MISC |
| https://github.com/axios/axios/commit/a1b1d3f073a… | x_refsource_MISC |
| https://github.com/axios/axios/commit/c30252f685e… | x_refsource_MISC |
| https://github.com/axios/axios/releases/tag/v0.30.2 | x_refsource_MISC |
| https://github.com/axios/axios/releases/tag/v1.12.0 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58754",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T13:08:38.895896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T13:08:42.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "axios",
"vendor": "axios",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.12.0"
},
{
"status": "affected",
"version": "\u003e= 0.28.0, \u003c 0.30.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: \u0027stream\u0027`. Versions 0.30.2 and 1.12.0 contain a patch for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T14:50:09.107Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj"
},
{
"name": "https://github.com/axios/axios/pull/7011",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/pull/7011"
},
{
"name": "https://github.com/axios/axios/pull/7034",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/pull/7034"
},
{
"name": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593"
},
{
"name": "https://github.com/axios/axios/commit/a1b1d3f073a988601583a604f5f9f5d05a3d0b67",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/commit/a1b1d3f073a988601583a604f5f9f5d05a3d0b67"
},
{
"name": "https://github.com/axios/axios/commit/c30252f685e8f4326722de84923fcbc8cf557f06",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/commit/c30252f685e8f4326722de84923fcbc8cf557f06"
},
{
"name": "https://github.com/axios/axios/releases/tag/v0.30.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/releases/tag/v0.30.2"
},
{
"name": "https://github.com/axios/axios/releases/tag/v1.12.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/releases/tag/v1.12.0"
}
],
"source": {
"advisory": "GHSA-4hjh-wcwx-xvwj",
"discovery": "UNKNOWN"
},
"title": "Axios is vulnerable to DoS attack through lack of data size check"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-58754",
"datePublished": "2025-09-12T01:16:40.513Z",
"dateReserved": "2025-09-04T19:18:09.499Z",
"dateUpdated": "2026-01-16T14:50:09.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-5889 (GCVE-0-2025-5889)
Vulnerability from cvelistv5 – Published: 2025-06-09 18:16 – Updated: 2025-06-11 10:39
VLAI
EPSS
Title
juliangruber brace-expansion index.js expand redos
Summary
A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.12, 2.0.2, 3.0.1 and 4.0.1 is able to address this issue. The name of the patch is a5b98a4f30d7813266b221435e1eaaf25a1b0ac5. It is recommended to upgrade the affected component.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.311660 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.311660 | signaturepermissions-required |
| https://vuldb.com/?submit.585717 | third-party-advisory |
| https://gist.github.com/mmmsssttt404/37a40ce7d6e5… | exploit |
| https://github.com/juliangruber/brace-expansion/p… | issue-trackingpatch |
| https://github.com/juliangruber/brace-expansion/r… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| juliangruber | brace-expansion |
Affected:
1.1.0
Affected: 1.1.1 Affected: 1.1.2 Affected: 1.1.3 Affected: 1.1.4 Affected: 1.1.5 Affected: 1.1.6 Affected: 1.1.7 Affected: 1.1.8 Affected: 1.1.9 Affected: 1.1.10 Affected: 1.1.11 Affected: 2.0.0 Affected: 2.0.1 Affected: 3.0 Affected: 4.0 Unaffected: 1.1.12 Unaffected: 2.0.2 Unaffected: 3.0.1 Unaffected: 4.0.1 |
Credits
mmmsssttt (VulDB User)
tgerbet_enalean (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5889",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T18:45:24.910231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T18:45:54.037Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "brace-expansion",
"vendor": "juliangruber",
"versions": [
{
"status": "affected",
"version": "1.1.0"
},
{
"status": "affected",
"version": "1.1.1"
},
{
"status": "affected",
"version": "1.1.2"
},
{
"status": "affected",
"version": "1.1.3"
},
{
"status": "affected",
"version": "1.1.4"
},
{
"status": "affected",
"version": "1.1.5"
},
{
"status": "affected",
"version": "1.1.6"
},
{
"status": "affected",
"version": "1.1.7"
},
{
"status": "affected",
"version": "1.1.8"
},
{
"status": "affected",
"version": "1.1.9"
},
{
"status": "affected",
"version": "1.1.10"
},
{
"status": "affected",
"version": "1.1.11"
},
{
"status": "affected",
"version": "2.0.0"
},
{
"status": "affected",
"version": "2.0.1"
},
{
"status": "affected",
"version": "3.0"
},
{
"status": "affected",
"version": "4.0"
},
{
"status": "unaffected",
"version": "1.1.12"
},
{
"status": "unaffected",
"version": "2.0.2"
},
{
"status": "unaffected",
"version": "3.0.1"
},
{
"status": "unaffected",
"version": "4.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "mmmsssttt (VulDB User)"
},
{
"lang": "en",
"type": "analyst",
"value": "tgerbet_enalean (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.12, 2.0.2, 3.0.1 and 4.0.1 is able to address this issue. The name of the patch is a5b98a4f30d7813266b221435e1eaaf25a1b0ac5. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "Eine problematische Schwachstelle wurde in juliangruber brace-expansion bis 1.1.11/2.0.1/3.0.0/4.0.0 ausgemacht. Davon betroffen ist die Funktion expand der Datei index.js. Durch Manipulieren mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 1.1.12, 2.0.2, 3.0.1 and 4.0.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als a5b98a4f30d7813266b221435e1eaaf25a1b0ac5 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.1,
"vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T10:39:58.114Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-311660 | juliangruber brace-expansion index.js expand redos",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.311660"
},
{
"name": "VDB-311660 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.311660"
},
{
"name": "Submit #585717 | juliangruber @juliangruber/brace-expansion 1.1.11 Inefficient Regular Expression Complexity",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.585717"
},
{
"tags": [
"exploit"
],
"url": "https://gist.github.com/mmmsssttt404/37a40ce7d6e5ca604858fe30814d9466"
},
{
"tags": [
"issue-tracking",
"patch"
],
"url": "https://github.com/juliangruber/brace-expansion/pull/65/commits/a5b98a4f30d7813266b221435e1eaaf25a1b0ac5"
},
{
"tags": [
"patch"
],
"url": "https://github.com/juliangruber/brace-expansion/releases/tag/v4.0.1"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-06-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-11T12:37:04.000Z",
"value": "VulDB entry last update"
}
],
"title": "juliangruber brace-expansion index.js expand redos"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5889",
"datePublished": "2025-06-09T18:16:01.889Z",
"dateReserved": "2025-06-09T06:19:24.886Z",
"dateUpdated": "2025-06-11T10:39:58.114Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-59343 (GCVE-0-2025-59343)
Vulnerability from cvelistv5 – Published: 2025-09-24 17:43 – Updated: 2025-11-03 18:13
VLAI
EPSS
Title
tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball
Summary
tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves using the ignore option on non files/directories.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/mafintosh/tar-fs/security/advi… | x_refsource_CONFIRM |
| https://github.com/mafintosh/tar-fs/commit/0bd54c… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2025… |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-03T14:49:04.310765Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T14:49:06.790Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T18:13:55.412Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00028.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "tar-fs",
"vendor": "mafintosh",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.1.1"
},
{
"status": "affected",
"version": "\u003e= 2.0.0, \u003c 2.1.3"
},
{
"status": "affected",
"version": "\u003c 1.16.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves using the ignore option on non files/directories."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T17:43:34.728Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v"
},
{
"name": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09"
}
],
"source": {
"advisory": "GHSA-vj76-c3g6-qr5v",
"discovery": "UNKNOWN"
},
"title": "tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59343",
"datePublished": "2025-09-24T17:43:34.728Z",
"dateReserved": "2025-09-12T12:36:24.636Z",
"dateUpdated": "2025-11-03T18:13:55.412Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7338 (GCVE-0-2025-7338)
Vulnerability from cvelistv5 – Published: 2025-07-17 15:26 – Updated: 2025-07-17 16:48
VLAI
EPSS
Title
Multer vulnerable to Denial of Service via unhandled exception from malformed request
Summary
Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.2 to receive a patch. No known workarounds are available.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7338",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-17T16:48:34.245218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T16:48:43.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "multer",
"vendor": "expressjs",
"versions": [
{
"lessThan": "2.0.2",
"status": "affected",
"version": "1.4.4-lts.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.2 to receive a patch. No known workarounds are available."
}
],
"value": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.2 to receive a patch. No known workarounds are available."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-17T15:26:45.427Z",
"orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
"shortName": "openjs"
},
"references": [
{
"url": "https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p"
},
{
"url": "https://github.com/expressjs/multer/commit/adfeaf669f0e7fe953eab191a762164a452d143b"
},
{
"url": "https://cna.openjsf.org/security-advisories.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Multer vulnerable to Denial of Service via unhandled exception from malformed request",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
"assignerShortName": "openjs",
"cveId": "CVE-2025-7338",
"datePublished": "2025-07-17T15:26:45.427Z",
"dateReserved": "2025-07-07T20:01:12.534Z",
"dateUpdated": "2025-07-17T16:48:43.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7783 (GCVE-0-2025-7783)
Vulnerability from cvelistv5 – Published: 2025-07-18 16:34 – Updated: 2025-11-03 20:07
VLAI
EPSS
Title
Usage of unsafe random function in form-data for choosing boundary
Summary
Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js.
This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-330 - Use of Insufficiently Random Values
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/form-data/form-data/security/a… | third-party-advisory |
| https://github.com/form-data/form-data/commit/3d1… | patch |
| https://lists.debian.org/debian-lts-announce/2025… |
Impacted products
Credits
https://github.com/benweissmann
https://github.com/benweissmann
https://github.com/ljharb
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7783",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T14:54:27.721309Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T14:54:31.105Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:07:41.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://npmjs.com/form-data",
"defaultStatus": "unaffected",
"packageName": "form-data",
"programFiles": [
"lib/form_data.js"
],
"repo": "https://github.com/form-data/form-data",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.4",
"versionType": "semver"
},
{
"status": "affected",
"version": "3.0.0 - 3.0.3",
"versionType": "semver"
},
{
"status": "affected",
"version": "4.0.0 - 4.0.3",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "https://github.com/benweissmann"
},
{
"lang": "en",
"type": "remediation developer",
"value": "https://github.com/benweissmann"
},
{
"lang": "en",
"type": "remediation reviewer",
"value": "https://github.com/ljharb"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP).\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elib/form_data.Js\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects form-data: \u0026lt; 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.\u003c/p\u003e"
}
],
"value": "Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js.\n\nThis issue affects form-data: \u003c 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3."
}
],
"impacts": [
{
"capecId": "CAPEC-460",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-460 HTTP Parameter Pollution (HPP)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-18T16:34:44.889Z",
"orgId": "7ffcee3d-2c14-4c3e-b844-86c6a321a158",
"shortName": "harborist"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4"
},
{
"tags": [
"patch"
],
"url": "https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Usage of unsafe random function in form-data for choosing boundary",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7ffcee3d-2c14-4c3e-b844-86c6a321a158",
"assignerShortName": "harborist",
"cveId": "CVE-2025-7783",
"datePublished": "2025-07-18T16:34:44.889Z",
"dateReserved": "2025-07-18T04:34:56.939Z",
"dateUpdated": "2025-11-03T20:07:41.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…