Vulnerability-Lookup

WID-SEC-W-2025-2424

Vulnerability from csaf_certbund - Published: 2025-10-27 23:00 - Updated: 2025-10-28 23:00

Summary

IBM Rational Team Concert: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: IBM Rational Team Concert ist ein Kollaborationstool zur Software Entwicklung.

Angriff: Ein Angreifer kann mehrere Schwachstellen in IBM Rational Team Concert ausnutzen, um einen Denial-of-Service-Angriff durchzuführen, Eingaben oder Protokolle zu manipulieren, die Authentifizierung zu umgehen, beliebigen Code auszuführen, Cross-Site-Scripting durchzuführen, sensible Informationen offenzulegen oder offene Weiterleitungen auszulösen.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2024-23337

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM Rational Team Concert <2.1.0 IBM / Rational Team Concert		<2.1.0

CVE-2024-33531

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM Rational Team Concert <2.1.0 IBM / Rational Team Concert		<2.1.0

CVE-2025-22874

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM Rational Team Concert <2.1.0 IBM / Rational Team Concert		<2.1.0

CVE-2025-32379

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM Rational Team Concert <2.1.0 IBM / Rational Team Concert		<2.1.0

CVE-2025-36081

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM Rational Team Concert <2.1.0 IBM / Rational Team Concert		<2.1.0

CVE-2025-36083

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM Rational Team Concert <2.1.0 IBM / Rational Team Concert		<2.1.0

CVE-2025-36085

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM Rational Team Concert <2.1.0 IBM / Rational Team Concert		<2.1.0

CVE-2025-45768

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM Rational Team Concert <2.1.0 IBM / Rational Team Concert		<2.1.0

CVE-2025-48060

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM Rational Team Concert <2.1.0 IBM / Rational Team Concert		<2.1.0

CVE-2025-50181

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM Rational Team Concert <2.1.0 IBM / Rational Team Concert		<2.1.0

CVE-2025-50182

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM Rational Team Concert <2.1.0 IBM / Rational Team Concert		<2.1.0

CVE-2025-53547

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM Rational Team Concert <2.1.0 IBM / Rational Team Concert		<2.1.0

CVE-2025-7338

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM Rational Team Concert <2.1.0 IBM / Rational Team Concert		<2.1.0

CVE-2025-7783

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM Rational Team Concert <2.1.0 IBM / Rational Team Concert		<2.1.0

CVE-2025-9288

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
IBM Rational Team Concert <2.1.0 IBM / Rational Team Concert		<2.1.0

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.ibm.com/support/pages/node/7249356	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "IBM Rational Team Concert ist ein Kollaborationstool zur Software Entwicklung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in IBM Rational Team Concert ausnutzen, um einen Denial-of-Service-Angriff durchzuf\u00fchren, Eingaben oder Protokolle zu manipulieren, die Authentifizierung zu umgehen, beliebigen Code auszuf\u00fchren, Cross-Site-Scripting durchzuf\u00fchren, sensible Informationen offenzulegen oder offene Weiterleitungen auszul\u00f6sen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-2424 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2424.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-2424 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2424"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin vom 2025-10-27",
        "url": "https://www.ibm.com/support/pages/node/7249356"
      }
    ],
    "source_lang": "en-US",
    "title": "IBM Rational Team Concert: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-10-28T23:00:00.000+00:00",
      "generator": {
        "date": "2025-10-29T07:03:32.478+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-2424",
      "initial_release_date": "2025-10-27T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-10-27T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-10-28T23:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-36531, EUVD-2025-36533, EUVD-2025-36532"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.1.0",
                "product": {
                  "name": "IBM Rational Team Concert \u003c2.1.0",
                  "product_id": "T048164"
                }
              },
              {
                "category": "product_version",
                "name": "2.1.0",
                "product": {
                  "name": "IBM Rational Team Concert 2.1.0",
                  "product_id": "T048164-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_team_concert:2.1.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Rational Team Concert"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-23337",
      "product_status": {
        "known_affected": [
          "T048164"
        ]
      },
      "release_date": "2025-10-27T23:00:00.000+00:00",
      "title": "CVE-2024-23337"
    },
    {
      "cve": "CVE-2024-33531",
      "product_status": {
        "known_affected": [
          "T048164"
        ]
      },
      "release_date": "2025-10-27T23:00:00.000+00:00",
      "title": "CVE-2024-33531"
    },
    {
      "cve": "CVE-2025-22874",
      "product_status": {
        "known_affected": [
          "T048164"
        ]
      },
      "release_date": "2025-10-27T23:00:00.000+00:00",
      "title": "CVE-2025-22874"
    },
    {
      "cve": "CVE-2025-32379",
      "product_status": {
        "known_affected": [
          "T048164"
        ]
      },
      "release_date": "2025-10-27T23:00:00.000+00:00",
      "title": "CVE-2025-32379"
    },
    {
      "cve": "CVE-2025-36081",
      "product_status": {
        "known_affected": [
          "T048164"
        ]
      },
      "release_date": "2025-10-27T23:00:00.000+00:00",
      "title": "CVE-2025-36081"
    },
    {
      "cve": "CVE-2025-36083",
      "product_status": {
        "known_affected": [
          "T048164"
        ]
      },
      "release_date": "2025-10-27T23:00:00.000+00:00",
      "title": "CVE-2025-36083"
    },
    {
      "cve": "CVE-2025-36085",
      "product_status": {
        "known_affected": [
          "T048164"
        ]
      },
      "release_date": "2025-10-27T23:00:00.000+00:00",
      "title": "CVE-2025-36085"
    },
    {
      "cve": "CVE-2025-45768",
      "product_status": {
        "known_affected": [
          "T048164"
        ]
      },
      "release_date": "2025-10-27T23:00:00.000+00:00",
      "title": "CVE-2025-45768"
    },
    {
      "cve": "CVE-2025-48060",
      "product_status": {
        "known_affected": [
          "T048164"
        ]
      },
      "release_date": "2025-10-27T23:00:00.000+00:00",
      "title": "CVE-2025-48060"
    },
    {
      "cve": "CVE-2025-50181",
      "product_status": {
        "known_affected": [
          "T048164"
        ]
      },
      "release_date": "2025-10-27T23:00:00.000+00:00",
      "title": "CVE-2025-50181"
    },
    {
      "cve": "CVE-2025-50182",
      "product_status": {
        "known_affected": [
          "T048164"
        ]
      },
      "release_date": "2025-10-27T23:00:00.000+00:00",
      "title": "CVE-2025-50182"
    },
    {
      "cve": "CVE-2025-53547",
      "product_status": {
        "known_affected": [
          "T048164"
        ]
      },
      "release_date": "2025-10-27T23:00:00.000+00:00",
      "title": "CVE-2025-53547"
    },
    {
      "cve": "CVE-2025-7338",
      "product_status": {
        "known_affected": [
          "T048164"
        ]
      },
      "release_date": "2025-10-27T23:00:00.000+00:00",
      "title": "CVE-2025-7338"
    },
    {
      "cve": "CVE-2025-7783",
      "product_status": {
        "known_affected": [
          "T048164"
        ]
      },
      "release_date": "2025-10-27T23:00:00.000+00:00",
      "title": "CVE-2025-7783"
    },
    {
      "cve": "CVE-2025-9288",
      "product_status": {
        "known_affected": [
          "T048164"
        ]
      },
      "release_date": "2025-10-27T23:00:00.000+00:00",
      "title": "CVE-2025-9288"
    }
  ]
}

CVE-2025-50182 (GCVE-0-2025-50182)

Vulnerability from cvelistv5 – Published: 2025-06-19 01:42 – Updated: 2025-12-22 18:43

Title

urllib3 does not control redirects in browsers and Node.js

Summary

urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0.

Severity

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/urllib3/urllib3/security/advis…	x_refsource_CONFIRM
https://github.com/urllib3/urllib3/commit/7eb4a2a…	x_refsource_MISC
https://github.com/urllib3/urllib3/releases/tag/2.5.0	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
urllib3	urllib3	Affected: >= 2.2.0, < 2.5.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-50182",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-23T16:55:48.101990Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-23T16:56:19.447Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "urllib3",
          "vendor": "urllib3",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 2.2.0, \u003c 2.5.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-22T18:43:46.779Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-48p4-8xcf-vxj5"
        },
        {
          "name": "https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f"
        },
        {
          "name": "https://github.com/urllib3/urllib3/releases/tag/2.5.0",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/urllib3/urllib3/releases/tag/2.5.0"
        }
      ],
      "source": {
        "advisory": "GHSA-48p4-8xcf-vxj5",
        "discovery": "UNKNOWN"
      },
      "title": "urllib3 does not control redirects in browsers and Node.js"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-50182",
    "datePublished": "2025-06-19T01:42:44.921Z",
    "dateReserved": "2025-06-13T19:17:51.726Z",
    "dateUpdated": "2025-12-22T18:43:46.779Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-53547 (GCVE-0-2025-53547)

Vulnerability from cvelistv5 – Published: 2025-07-08 21:39 – Updated: 2026-02-26 17:51

Title

Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution

Summary

Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when dependencies are updated and this file is written, can be crafted in a way that can cause execution if that same content were in a file that is executed (e.g., a bash.rc file or shell script). If the Chart.lock file is symlinked to one of these files updating dependencies will write the lock file content to the symlinked file. This can lead to unwanted execution. Helm warns of the symlinked file but did not stop execution due to symlinking. This issue has been resolved in Helm v3.18.4.

Severity

8.5 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/helm/helm/security/advisories/…	x_refsource_CONFIRM
https://github.com/helm/helm/commit/4b8e61093d8f5…	x_refsource_MISC
https://news.ycombinator.com/item?id=44506696

Impacted products

1 product

Vendor	Product	Version
helm	helm	Affected: < 3.18.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53547",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-24T03:55:20.328115Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:51:02.113Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-07-09T17:05:52.255Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://news.ycombinator.com/item?id=44506696"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "helm",
          "vendor": "helm",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.18.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local code execution when dependencies are updated. Fields in a Chart.yaml file, that are carried over to a Chart.lock file when dependencies are updated and this file is written, can be crafted in a way that can cause execution if that same content were in a file that is executed (e.g., a bash.rc file or shell script). If the Chart.lock file is symlinked to one of these files updating dependencies will write the lock file content to the symlinked file. This can lead to unwanted execution. Helm warns of the symlinked file but did not stop execution due to symlinking. This issue has been resolved in Helm v3.18.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-08T21:39:59.075Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/helm/helm/security/advisories/GHSA-557j-xg8c-q2mm",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/helm/helm/security/advisories/GHSA-557j-xg8c-q2mm"
        },
        {
          "name": "https://github.com/helm/helm/commit/4b8e61093d8f579f1165cdc6bd4b43fa5455f571",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/helm/helm/commit/4b8e61093d8f579f1165cdc6bd4b43fa5455f571"
        }
      ],
      "source": {
        "advisory": "GHSA-557j-xg8c-q2mm",
        "discovery": "UNKNOWN"
      },
      "title": "Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-53547",
    "datePublished": "2025-07-08T21:39:59.075Z",
    "dateReserved": "2025-07-02T15:15:11.516Z",
    "dateUpdated": "2026-02-26T17:51:02.113Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-7338 (GCVE-0-2025-7338)

Vulnerability from cvelistv5 – Published: 2025-07-17 15:26 – Updated: 2025-07-17 16:48

Title

Multer vulnerable to Denial of Service via unhandled exception from malformed request

Summary

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.2 to receive a patch. No known workarounds are available.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-248

Assigner

openjs

References

3 references

URL	Tags
https://github.com/expressjs/multer/security/advi…
https://github.com/expressjs/multer/commit/adfeaf…
https://cna.openjsf.org/security-advisories.html

Impacted products

1 product

Vendor	Product	Version
expressjs	multer	Affected: 1.4.4-lts.1 , < 2.0.2 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7338",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-17T16:48:34.245218Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-17T16:48:43.154Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "multer",
          "vendor": "expressjs",
          "versions": [
            {
              "lessThan": "2.0.2",
              "status": "affected",
              "version": "1.4.4-lts.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.2 to receive a patch. No known workarounds are available."
            }
          ],
          "value": "Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.2 to receive a patch. No known workarounds are available."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-248",
              "description": "CWE-248",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-17T15:26:45.427Z",
        "orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
        "shortName": "openjs"
      },
      "references": [
        {
          "url": "https://github.com/expressjs/multer/security/advisories/GHSA-fjgf-rc76-4x9p"
        },
        {
          "url": "https://github.com/expressjs/multer/commit/adfeaf669f0e7fe953eab191a762164a452d143b"
        },
        {
          "url": "https://cna.openjsf.org/security-advisories.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Multer vulnerable to Denial of Service via unhandled exception from malformed request",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
    "assignerShortName": "openjs",
    "cveId": "CVE-2025-7338",
    "datePublished": "2025-07-17T15:26:45.427Z",
    "dateReserved": "2025-07-07T20:01:12.534Z",
    "dateUpdated": "2025-07-17T16:48:43.154Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-7783 (GCVE-0-2025-7783)

Vulnerability from cvelistv5 – Published: 2025-07-18 16:34 – Updated: 2025-11-03 20:07

Title

Usage of unsafe random function in form-data for choosing boundary

Summary

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.

Severity

9.4 (Critical)


                        
                          CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

SSVC

Exploitation: poc Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-330 - Use of Insufficiently Random Values

Assigner

harborist

References

3 references

URL	Tags
https://github.com/form-data/form-data/security/a…	third-party-advisory
https://github.com/form-data/form-data/commit/3d1…	patch
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

1 product

Vendor	Product	Version
		Affected: < 2.5.4 (semver) Affected: 3.0.0 - 3.0.3 (semver) Affected: 4.0.0 - 4.0.3 (semver)

Credits

https://github.com/benweissmann https://github.com/benweissmann https://github.com/ljharb

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7783",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-22T14:54:27.721309Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-22T14:54:31.105Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:07:41.307Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/07/msg00023.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://npmjs.com/form-data",
          "defaultStatus": "unaffected",
          "packageName": "form-data",
          "programFiles": [
            "lib/form_data.js"
          ],
          "repo": "https://github.com/form-data/form-data",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.5.4",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "3.0.0 - 3.0.3",
              "versionType": "semver"
            },
            {
              "status": "affected",
              "version": "4.0.0 - 4.0.3",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "https://github.com/benweissmann"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "https://github.com/benweissmann"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "https://github.com/ljharb"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP).\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003elib/form_data.Js\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects form-data: \u0026lt; 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.\u003c/p\u003e"
            }
          ],
          "value": "Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js.\n\nThis issue affects form-data: \u003c 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-460",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-460 HTTP Parameter Pollution (HPP)"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-330",
              "description": "CWE-330 Use of Insufficiently Random Values",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-18T16:34:44.889Z",
        "orgId": "7ffcee3d-2c14-4c3e-b844-86c6a321a158",
        "shortName": "harborist"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Usage of unsafe random function in form-data for choosing boundary",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7ffcee3d-2c14-4c3e-b844-86c6a321a158",
    "assignerShortName": "harborist",
    "cveId": "CVE-2025-7783",
    "datePublished": "2025-07-18T16:34:44.889Z",
    "dateReserved": "2025-07-18T04:34:56.939Z",
    "dateUpdated": "2025-11-03T20:07:41.307Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-9288 (GCVE-0-2025-9288)

Vulnerability from cvelistv5 – Published: 2025-08-20 21:59 – Updated: 2025-11-03 18:14

Title

Missing type checks leading to hash rewind and passing on crafted data

Summary

Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11.

Severity

9.1 (Critical)


                        
                          CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N

SSVC

Exploitation: poc Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-20 - Improper Input Validation

Assigner

harborist

References

4 references

URL	Tags
https://github.com/browserify/sha.js/security/adv…	vendor-advisory
https://github.com/browserify/sha.js/pull/78	patch
https://www.cve.org/CVERecord?id=CVE-2025-9287	related
https://lists.debian.org/debian-lts-announce/2025…

Impacted products

1 product

Vendor	Product	Version
		Affected: 0 , ≤ 2.4.11 (semver)

Credits

https://github.com/ChALkeR https://github.com/ChALkeR https://github.com/ChALkeR https://github.com/ljharb

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-9288",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-21T13:25:33.531962Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-21T14:47:54.315Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T18:14:17.994Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00016.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://npmjs.com/sha.js",
          "defaultStatus": "unaffected",
          "packageName": "sha.js",
          "repo": "https://github.com/browserify/sha.js",
          "versions": [
            {
              "lessThanOrEqual": "2.4.11",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "https://github.com/ChALkeR"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "https://github.com/ChALkeR"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "https://github.com/ChALkeR"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "https://github.com/ljharb"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.\u003cp\u003eThis issue affects sha.js: through \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e2.4.11\u003c/span\u003e.\u003c/p\u003e"
            }
          ],
          "value": "Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-153",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-153 Input Data Manipulation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:H/SC:H/SI:H/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-20T21:59:44.728Z",
        "orgId": "7ffcee3d-2c14-4c3e-b844-86c6a321a158",
        "shortName": "harborist"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/browserify/sha.js/pull/78"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-9287"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Missing type checks leading to hash rewind and passing on crafted data",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7ffcee3d-2c14-4c3e-b844-86c6a321a158",
    "assignerShortName": "harborist",
    "cveId": "CVE-2025-9288",
    "datePublished": "2025-08-20T21:59:44.728Z",
    "dateReserved": "2025-08-20T21:52:52.809Z",
    "dateUpdated": "2025-11-03T18:14:17.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2025-2424

CVE-2025-50182 (GCVE-0-2025-50182)

CVE-2025-53547 (GCVE-0-2025-53547)

CVE-2025-7338 (GCVE-0-2025-7338)

CVE-2025-7783 (GCVE-0-2025-7783)

CVE-2025-9288 (GCVE-0-2025-9288)

Tags

Sightings

Nomenclature