CWE-755
Improper Handling of Exceptional Conditions
The product does not handle or incorrectly handles an exceptional condition.
CVE-2025-48886 (GCVE-0-2025-48886)
Vulnerability from cvelistv5 – Published: 2025-06-19 14:24 – Updated: 2025-06-23 17:36
VLAI
Title
hydra-node dangerously assumes L1 event finality and does not consider failed transactions
Summary
Hydra is a layer-two scalability solution for Cardano. Prior to version 0.22.0, the process assumes L1 event finality and does not consider failed transactions. Currently, Cardano L1 is monitored for certain events which are necessary for state progression. At the moment, Hydra considers those events as finalized as soon as they are recognized by the node participants making such transactions the target of re-org attacks. The system does not currently consider the fact that failed transactions on the Cardano L1 can indeed appear in blocks because these transactions are so infrequent. This issue has been patched in version 0.22.0.
Severity
4.8 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/cardano-scaling/hydra/security… | x_refsource_CONFIRM |
| https://github.com/cardano-scaling/hydra/commit/2… | x_refsource_MISC |
| https://github.com/cardano-scaling/hydra/commit/f… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| cardano-scaling | hydra |
Affected:
< 0.22.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-48886",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T17:35:47.019208Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T17:36:02.598Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hydra",
"vendor": "cardano-scaling",
"versions": [
{
"status": "affected",
"version": "\u003c 0.22.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hydra is a layer-two scalability solution for Cardano. Prior to version 0.22.0, the process assumes L1 event finality and does not consider failed transactions. Currently, Cardano L1 is monitored for certain events which are necessary for state progression. At the moment, Hydra considers those events as finalized as soon as they are recognized by the node participants making such transactions the target of re-org attacks. The system does not currently consider the fact that failed transactions on the Cardano L1 can indeed appear in blocks because these transactions are so infrequent. This issue has been patched in version 0.22.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755: Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-19T14:24:58.304Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cardano-scaling/hydra/security/advisories/GHSA-qr9f-mpgf-wp25",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cardano-scaling/hydra/security/advisories/GHSA-qr9f-mpgf-wp25"
},
{
"name": "https://github.com/cardano-scaling/hydra/commit/2bc6a82ef6dbfa8b94e1c11d55253713065f605e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cardano-scaling/hydra/commit/2bc6a82ef6dbfa8b94e1c11d55253713065f605e"
},
{
"name": "https://github.com/cardano-scaling/hydra/commit/fb22d968964bf5d5b79227cc845d871147044ce7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cardano-scaling/hydra/commit/fb22d968964bf5d5b79227cc845d871147044ce7"
}
],
"source": {
"advisory": "GHSA-qr9f-mpgf-wp25",
"discovery": "UNKNOWN"
},
"title": "hydra-node dangerously assumes L1 event finality and does not consider failed transactions"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-48886",
"datePublished": "2025-06-19T14:24:58.304Z",
"dateReserved": "2025-05-27T20:14:34.297Z",
"dateUpdated": "2025-06-23T17:36:02.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52947 (GCVE-0-2025-52947)
Vulnerability from cvelistv5 – Published: 2025-07-11 14:40 – Updated: 2025-07-11 15:25
VLAI
Title
Junos OS: ACX Series: When 'hot-standby' mode is configured for an L2 circuit, interface flap causes the FEB to crash
Summary
An Improper Handling of Exceptional Conditions vulnerability in route processing of Juniper Networks Junos OS on specific end-of-life (EOL) ACX Series platforms allows an attacker to crash the Forwarding Engine Board (FEB) by flapping an interface, leading to a Denial of Service (DoS).
On ACX1000, ACX1100, ACX2000, ACX2100, ACX2200, ACX4000, ACX5048, and ACX5096 devices, FEB0 will crash when the primary path port of the L2 circuit IGP (Interior Gateway Protocol) on the local device goes down. This issue is seen only when 'hot-standby' mode is configured for the L2 circuit.
This issue affects Junos OS on ACX1000, ACX1100, ACX2000, ACX2100, ACX2200, ACX4000, ACX5048, and ACX5096:
* all versions before 21.2R3-S9.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/JSA100051 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.2R3-S9
(semver)
|
Date Public
2025-07-09 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52947",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T15:25:03.681598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T15:25:08.865Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"ACX1000",
"ACX1100",
"ACX2000",
"ACX2100",
"ACX2200",
"ACX4000",
"ACX5048",
"ACX5096"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue only occurs when an L2 circuit is configured for hot-standby.\u0026nbsp; For example:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[protocols l2circuit neighbor x.x.x.x interface \u0026lt;intf\u0026gt; backup-neighbor x.x.x.x hot-standby]\u003c/tt\u003e"
}
],
"value": "This issue only occurs when an L2 circuit is configured for hot-standby.\u00a0 For example:\n\n[protocols l2circuit neighbor x.x.x.x interface \u003cintf\u003e backup-neighbor x.x.x.x hot-standby]"
}
],
"datePublic": "2025-07-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Handling of Exceptional Conditions vulnerability in route processing of Juniper Networks Junos OS on specific end-of-life (EOL) ACX Series platforms allows an attacker to crash the Forwarding Engine Board (FEB) by flapping an interface, leading to a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eOn\u0026nbsp;ACX1000, ACX1100, ACX2000, ACX2100, ACX2200, ACX4000, ACX5048, and ACX5096 devices, FEB0 will crash when the primary path port of the L2 circuit IGP (Interior Gateway Protocol) on the local device goes down. This issue is seen only when \u0027hot-standby\u0027 mode is configured for the L2 circuit.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS on ACX1000, ACX1100, ACX2000, ACX2100, ACX2200, ACX4000, ACX5048, and ACX5096:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S9.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Handling of Exceptional Conditions vulnerability in route processing of Juniper Networks Junos OS on specific end-of-life (EOL) ACX Series platforms allows an attacker to crash the Forwarding Engine Board (FEB) by flapping an interface, leading to a Denial of Service (DoS).\n\nOn\u00a0ACX1000, ACX1100, ACX2000, ACX2100, ACX2200, ACX4000, ACX5048, and ACX5096 devices, FEB0 will crash when the primary path port of the L2 circuit IGP (Interior Gateway Protocol) on the local device goes down. This issue is seen only when \u0027hot-standby\u0027 mode is configured for the L2 circuit.\n\nThis issue affects Junos OS on ACX1000, ACX1100, ACX2000, ACX2100, ACX2200, ACX4000, ACX5048, and ACX5096:\u00a0\n\n\n\n * all versions before 21.2R3-S9."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T14:40:14.792Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA100051"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S9.\u003cbr\u003e\u003cbr\u003eNote: Support for the ACX2k Series ended with Junos OS 21.2."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S9.\n\nNote: Support for the ACX2k Series ended with Junos OS 21.2."
}
],
"source": {
"advisory": "JSA100051",
"defect": [
"1840825"
],
"discovery": "USER"
},
"title": "Junos OS: ACX Series: When \u0027hot-standby\u0027 mode is configured for an L2 circuit, interface flap causes the FEB to crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-52947",
"datePublished": "2025-07-11T14:40:14.792Z",
"dateReserved": "2025-06-23T13:16:01.408Z",
"dateUpdated": "2025-07-11T15:25:08.865Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-52948 (GCVE-0-2025-52948)
Vulnerability from cvelistv5 – Published: 2025-07-11 14:40 – Updated: 2025-07-23 14:57
VLAI
Title
Junos OS: Specific unknown traffic pattern causes FPC and system to crash when packet capturing is enabled
Summary
An Improper Handling of Exceptional Conditions vulnerability in Berkeley Packet Filter (BPF) processing of Juniper Networks Junos OS allows an attacker, in rare cases, sending specific, unknown traffic patterns to cause the FPC and system to crash and restart.
BPF provides a raw interface to data link layers in a protocol independent fashion. Internally within the Junos kernel, due to a rare timing issue (race condition), when a BPF instance is cloned, the newly created interface causes an internal structure leakage, leading to a system crash. The precise content and timing of the traffic patterns is indeterminate, but has been seen in a lab environment multiple times.
This issue is more likely to occur when packet capturing is enabled. See required configuration below.
This issue affects Junos OS:
* all versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S10,
* from 22.2 before 22.2R3-S6,
* from 22.4 before 22.4R3-S7,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S3,
* from 24.2 before 24.2R1-S1, 24.2R2.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://supportportal.juniper.net/JSA100052 | vendor-advisory |
| https://www.juniper.net/documentation/us/en/softw… | technical-description |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.2R3-S9
(semver)
Affected: 21.4 , < 21.4R3-S10 (semver) Affected: 22.2 , < 22.2R3-S6 (semver) Affected: 22.4 , < 22.4R3-S7 (semver) Affected: 23.2 , < 23.2R2-S3 (semver) Affected: 23.4 , < 23.4R2-S3 (semver) Affected: 24.2 , < 24.2R1-S1, 24.2R2 (semver) |
Date Public
2025-07-09 16:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-52948",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T15:06:42.389399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T15:06:47.179Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S10",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S6",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S7",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S3",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R1-S1, 24.2R2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "BPF is used by applications such as \u0027tcpdump\u0027, enabled in Junos via packet-capture sampling:\u003cbr\u003e\u003cbr\u003e\n\n\u003ctt\u003e[forwarding-options\u0026nbsp;packet-capture file ...]\u003cbr\u003e\u003cbr\u003e[firewall filter \u0026lt;name\u0026gt; term \u0026lt;name\u0026gt; then sample]\u003cbr\u003e\u003cbr\u003e[interfaces \u0026lt;interface\u0026gt; unit \u0026lt;n\u0026gt; family inet filter input \u0026lt;name\u0026gt;]\u003cbr\u003e\n\n[interfaces \u0026lt;interface\u0026gt; unit \u0026lt;n\u0026gt; family inet filter output \u0026lt;name\u0026gt;]\u003cbr\u003e\u003cbr\u003e\u003c/tt\u003eor via the \u0027monitor traffic\u0027 command. For example:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003euser@junos\u0026gt; monitor traffic interface \u0026lt;name\u0026gt;\u003c/tt\u003e"
}
],
"value": "BPF is used by applications such as \u0027tcpdump\u0027, enabled in Junos via packet-capture sampling:\n\n\n\n[forwarding-options\u00a0packet-capture file ...]\n\n[firewall filter \u003cname\u003e term \u003cname\u003e then sample]\n\n[interfaces \u003cinterface\u003e unit \u003cn\u003e family inet filter input \u003cname\u003e]\n\n\n[interfaces \u003cinterface\u003e unit \u003cn\u003e family inet filter output \u003cname\u003e]\n\nor via the \u0027monitor traffic\u0027 command. For example:\n\nuser@junos\u003e monitor traffic interface \u003cname\u003e"
}
],
"datePublic": "2025-07-09T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Handling of Exceptional Conditions vulnerability in Berkeley Packet Filter (BPF) processing of Juniper Networks Junos OS allows an attacker, in rare cases, sending specific, unknown traffic patterns to cause the FPC and system to crash and restart.\u003cbr\u003e\u003cbr\u003eBPF provides a raw interface to data link layers in a protocol independent fashion. Internally within the Junos kernel, due to a rare timing issue (race condition), when a BPF instance is cloned, the newly created interface causes an internal structure leakage, leading to a system crash. The precise content and timing of the traffic patterns is indeterminate, but has been seen in a lab environment multiple times.\u003cbr\u003e\u003cbr\u003eThis issue is more likely to occur when packet capturing is enabled.\u0026nbsp; See required configuration below.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S9,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S10,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S6,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S7,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R1-S1, 24.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Handling of Exceptional Conditions vulnerability in Berkeley Packet Filter (BPF) processing of Juniper Networks Junos OS allows an attacker, in rare cases, sending specific, unknown traffic patterns to cause the FPC and system to crash and restart.\n\nBPF provides a raw interface to data link layers in a protocol independent fashion. Internally within the Junos kernel, due to a rare timing issue (race condition), when a BPF instance is cloned, the newly created interface causes an internal structure leakage, leading to a system crash. The precise content and timing of the traffic patterns is indeterminate, but has been seen in a lab environment multiple times.\n\nThis issue is more likely to occur when packet capturing is enabled.\u00a0 See required configuration below.\n\nThis issue affects Junos OS:\u00a0\n\n\n\n * all versions before 21.2R3-S9,\u00a0\n * from 21.4 before 21.4R3-S10,\u00a0\n * from 22.2 before 22.2R3-S6,\u00a0\n * from 22.4 before 22.4R3-S7,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S3,\u00a0\n * from 24.2 before 24.2R1-S1, 24.2R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T14:57:37.021Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA100052"
},
{
"tags": [
"technical-description"
],
"url": "https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/topic-map/analyze-network-traffic-by-using-packet-capture.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S7, 23.2R2-S3, 23.4R2-S3, 24.2R1-S1, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S7, 23.2R2-S3, 23.4R2-S3, 24.2R1-S1, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA100052",
"defect": [
"1819102"
],
"discovery": "INTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-07-09T16:00:00.000Z",
"value": "Initial Publication"
},
{
"lang": "en",
"time": "2025-07-18T16:00:00.000Z",
"value": "Corrected vulnerable \u0027monitor\u0027 command from \u0027monitor interface\u0027 to \u0027monitor traffic\u0027"
},
{
"lang": "en",
"time": "2025-07-23T16:00:00.000Z",
"value": "Added workaround of avoiding the execution of the \u0027monitor traffic\u0027 command"
}
],
"title": "Junos OS: Specific unknown traffic pattern causes FPC and system to crash when packet capturing is enabled",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Avoid execution of the \u0027monitor traffic interface\u0027 command on production systems."
}
],
"value": "Avoid execution of the \u0027monitor traffic interface\u0027 command on production systems."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-52948",
"datePublished": "2025-07-11T14:40:31.197Z",
"dateReserved": "2025-06-23T13:16:01.408Z",
"dateUpdated": "2025-07-23T14:57:37.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53702 (GCVE-0-2025-53702)
Vulnerability from cvelistv5 – Published: 2025-10-23 13:39 – Updated: 2025-10-23 14:56 Unsupported When Assigned
VLAI
Title
DoS vulnerability in Vilar VS-IPC1002 IP cameras
Summary
Vilar VS-IPC1002 IP cameras are vulnerable to DoS (Denial-of-Service) attacks. An unauthenticated attacker on the same local network might send a crafted request to /cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required.
The vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Vilar | VS-IPC1002 |
Affected:
1.1.0.18
(custom)
|
Date Public
2025-10-23 14:04
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53702",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T14:56:43.790725Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T14:56:58.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "VS-IPC1002",
"vendor": "Vilar",
"versions": [
{
"status": "affected",
"version": "1.1.0.18",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Szymon Paszun"
}
],
"datePublic": "2025-10-23T14:04:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vilar \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVS-IPC1002 \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIP cameras are \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerable to DoS (Denial-of-Service) attacks. An unauthenticated attacker on the same local network might send a crafted request to\u0026nbsp;\u003c/span\u003e/cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required.\u0026nbsp;\u003cbr\u003e\u003c/span\u003e\u003c/span\u003eThe vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well."
}
],
"value": "Vilar VS-IPC1002 IP cameras are vulnerable to DoS (Denial-of-Service) attacks. An unauthenticated attacker on the same local network might send a crafted request to\u00a0/cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required.\u00a0\nThe vendor did not respond in any way. Only version 1.1.0.18 was tested, other versions might be vulnerable as well."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T13:39:44.596Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"url": "https://cert.pl/en/posts/2025/10/CVE-2025-53701"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "DoS vulnerability in Vilar VS-IPC1002 IP cameras",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-53702",
"datePublished": "2025-10-23T13:39:44.596Z",
"dateReserved": "2025-07-08T14:49:12.283Z",
"dateUpdated": "2025-10-23T14:56:58.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54634 (GCVE-0-2025-54634)
Vulnerability from cvelistv5 – Published: 2025-08-06 02:21 – Updated: 2025-08-06 15:40
VLAI
Summary
Vulnerability of improper processing of abnormal conditions in huge page separation.
Impact: Successful exploitation of this vulnerability may affect availability.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54634",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T15:12:06.389526Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T15:40:27.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HarmonyOS",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "5.1.0"
},
{
"status": "affected",
"version": "5.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Vulnerability of improper processing of abnormal conditions in huge page separation.\u003cbr\u003eImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"value": "Vulnerability of improper processing of abnormal conditions in huge page separation.\nImpact: Successful exploitation of this vulnerability may affect availability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T02:21:29.264Z",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2025/8/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2025-54634",
"datePublished": "2025-08-06T02:21:29.264Z",
"dateReserved": "2025-07-28T03:55:34.530Z",
"dateUpdated": "2025-08-06T15:40:27.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58047 (GCVE-0-2025-58047)
Vulnerability from cvelistv5 – Published: 2025-08-28 17:10 – Updated: 2025-11-04 21:13
VLAI
Title
Volto affected by possible DoS by invoking specific URL by anonymous user
Summary
Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. The problem has been patched in versions 16.34.0, 17.22.1, 18.24.0, and 19.0.0-alpha.4. To mitigate downtime, have setup automatically restart processes that quit with an error.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://github.com/plone/volto/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/plone/volto/commit/2789a287ac4… | x_refsource_MISC |
| https://github.com/plone/volto/releases/tag/16.34.0 | x_refsource_MISC |
| https://github.com/plone/volto/releases/tag/17.22.1 | x_refsource_MISC |
| https://github.com/plone/volto/releases/tag/18.24.0 | x_refsource_MISC |
| https://github.com/plone/volto/releases/tag/19.0.… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2025/08/28/3 |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58047",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T18:35:47.223133Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T18:35:51.922Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:13:20.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/08/28/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "volto",
"vendor": "plone",
"versions": [
{
"status": "affected",
"version": "\u003c 16.34.0"
},
{
"status": "affected",
"version": "\u003e= 17.0.0, \u003c 17.22.1"
},
{
"status": "affected",
"version": "\u003e= 18.0.0, \u003c 18.24.0"
},
{
"status": "affected",
"version": "\u003e= 19.0.0-alpha.1, \u003c 19.0.0-alpha.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. The problem has been patched in versions 16.34.0, 17.22.1, 18.24.0, and 19.0.0-alpha.4. To mitigate downtime, have setup automatically restart processes that quit with an error."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755: Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T17:10:58.381Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/plone/volto/security/advisories/GHSA-xjhf-7833-3pm5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/plone/volto/security/advisories/GHSA-xjhf-7833-3pm5"
},
{
"name": "https://github.com/plone/volto/commit/2789a287ac45ad9039fb9161d465ba13241fff0a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plone/volto/commit/2789a287ac45ad9039fb9161d465ba13241fff0a"
},
{
"name": "https://github.com/plone/volto/releases/tag/16.34.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plone/volto/releases/tag/16.34.0"
},
{
"name": "https://github.com/plone/volto/releases/tag/17.22.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plone/volto/releases/tag/17.22.1"
},
{
"name": "https://github.com/plone/volto/releases/tag/18.24.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plone/volto/releases/tag/18.24.0"
},
{
"name": "https://github.com/plone/volto/releases/tag/19.0.0-alpha.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/plone/volto/releases/tag/19.0.0-alpha.4"
}
],
"source": {
"advisory": "GHSA-xjhf-7833-3pm5",
"discovery": "UNKNOWN"
},
"title": "Volto affected by possible DoS by invoking specific URL by anonymous user"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-58047",
"datePublished": "2025-08-28T17:10:58.381Z",
"dateReserved": "2025-08-22T14:30:32.221Z",
"dateUpdated": "2025-11-04T21:13:20.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59530 (GCVE-0-2025-59530)
Vulnerability from cvelistv5 – Published: 2025-10-10 16:09 – Updated: 2025-10-10 16:31
VLAI
Title
quic-go has Client Crash Due to Premature HANDSHAKE_DONE Frame
Summary
quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authentication and can be exploited during the handshake phase. This was observed in the wild with certain server implementations. quic-go needs to be able to handle misbehaving server implementations, including those that prematurely send a HANDSHAKE_DONE frame. Versions 0.49.0, 0.54.1, and 0.55.0 discard Initial keys when receiving a HANDSHAKE_DONE frame, thereby correctly handling premature HANDSHAKE_DONE frames.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/quic-go/quic-go/security/advis… | x_refsource_CONFIRM |
| https://github.com/quic-go/quic-go/pull/5354 | x_refsource_MISC |
| https://github.com/quic-go/quic-go/blob/v0.55.0/c… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59530",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-10T16:31:32.909241Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T16:31:47.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "quic-go",
"vendor": "quic-go",
"versions": [
{
"status": "affected",
"version": "\u003c 0.49.1"
},
{
"status": "affected",
"version": "\u003e= 0.5.0, \u003c 0.54.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authentication and can be exploited during the handshake phase. This was observed in the wild with certain server implementations. quic-go needs to be able to handle misbehaving server implementations, including those that prematurely send a HANDSHAKE_DONE frame. Versions 0.49.0, 0.54.1, and 0.55.0 discard Initial keys when receiving a HANDSHAKE_DONE frame, thereby correctly handling premature HANDSHAKE_DONE frames."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "CWE-617: Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755: Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-10T16:09:55.227Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/quic-go/quic-go/security/advisories/GHSA-47m2-4cr7-mhcw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/quic-go/quic-go/security/advisories/GHSA-47m2-4cr7-mhcw"
},
{
"name": "https://github.com/quic-go/quic-go/pull/5354",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/quic-go/quic-go/pull/5354"
},
{
"name": "https://github.com/quic-go/quic-go/blob/v0.55.0/connection.go#L2682-L2685",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/quic-go/quic-go/blob/v0.55.0/connection.go#L2682-L2685"
}
],
"source": {
"advisory": "GHSA-47m2-4cr7-mhcw",
"discovery": "UNKNOWN"
},
"title": "quic-go has Client Crash Due to Premature HANDSHAKE_DONE Frame"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-59530",
"datePublished": "2025-10-10T16:09:55.227Z",
"dateReserved": "2025-09-17T17:04:20.373Z",
"dateUpdated": "2025-10-10T16:31:47.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62711 (GCVE-0-2025-62711)
Vulnerability from cvelistv5 – Published: 2025-10-24 21:54 – Updated: 2025-10-27 15:22
VLAI
Title
Wasmtime vulnerable to segfault when using component resources
Summary
Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible to carefully craft a component, which when called in a specific way, would crash the host with a segfault or assert failure. Wasmtime 38.0.3 has been released and is patched to fix this issue. There are no workarounds.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/bytecodealliance/wasmtime/secu… | x_refsource_CONFIRM |
| https://github.com/bytecodealliance/wasmtime/pull/11592 | x_refsource_MISC |
| https://github.com/bytecodealliance/wasmtime/comm… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| bytecodealliance | wasmtime |
Affected:
>= 38.0.0, < 38.0.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62711",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T15:22:12.743021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T15:22:22.914Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "wasmtime",
"vendor": "bytecodealliance",
"versions": [
{
"status": "affected",
"version": "\u003e= 38.0.0, \u003c 38.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it\u0027s possible to carefully craft a component, which when called in a specific way, would crash the host with a segfault or assert failure. Wasmtime 38.0.3 has been released and is patched to fix this issue. There are no workarounds."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755: Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-24T21:54:52.578Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4h67-722j-5pmc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4h67-722j-5pmc"
},
{
"name": "https://github.com/bytecodealliance/wasmtime/pull/11592",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bytecodealliance/wasmtime/pull/11592"
},
{
"name": "https://github.com/bytecodealliance/wasmtime/commit/192f2fcdadfec9d0cf6b58548a85a7307450cbf5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bytecodealliance/wasmtime/commit/192f2fcdadfec9d0cf6b58548a85a7307450cbf5"
}
],
"source": {
"advisory": "GHSA-4h67-722j-5pmc",
"discovery": "UNKNOWN"
},
"title": "Wasmtime vulnerable to segfault when using component resources"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62711",
"datePublished": "2025-10-24T21:54:52.578Z",
"dateReserved": "2025-10-20T19:41:22.740Z",
"dateUpdated": "2025-10-27T15:22:22.914Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-66622 (GCVE-0-2025-66622)
Vulnerability from cvelistv5 – Published: 2025-12-09 02:07 – Updated: 2025-12-09 16:02
VLAI
Title
matrix-sdk-base is vulnerable to DoS via custom m.room.join_rules event values
Summary
matrix-sdk-base is the base component to build a Matrix client library. Versions 0.14.1 and prior are unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is invited to a room with non-standard join rules, the crate's sync process will stall, preventing further processing for all rooms. This is fixed in version 0.16.0.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/matrix-org/matrix-rust-sdk/sec… | x_refsource_CONFIRM |
| https://github.com/matrix-org/matrix-rust-sdk/pull/5924 | x_refsource_MISC |
| https://github.com/matrix-org/matrix-rust-sdk/com… | x_refsource_MISC |
| https://rustsec.org/advisories/RUSTSEC-2025-0135.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| matrix-org | matrix-rust-sdk |
Affected:
< 0.16.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:16:11.253556Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T16:02:47.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "matrix-rust-sdk",
"vendor": "matrix-org",
"versions": [
{
"status": "affected",
"version": "\u003c 0.16.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "matrix-sdk-base is the base component to build a Matrix client library. Versions 0.14.1 and prior are unable to handle responses that include custom m.room.join_rules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is invited to a room with non-standard join rules, the crate\u0027s sync process will stall, preventing further processing for all rooms. This is fixed in version 0.16.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 1.3,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755: Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T02:07:18.831Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-jj6p-3m75-g2p3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-jj6p-3m75-g2p3"
},
{
"name": "https://github.com/matrix-org/matrix-rust-sdk/pull/5924",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matrix-org/matrix-rust-sdk/pull/5924"
},
{
"name": "https://github.com/matrix-org/matrix-rust-sdk/commit/4ea0418abefab2aa93f8851a4d39c723e703e6b0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/matrix-org/matrix-rust-sdk/commit/4ea0418abefab2aa93f8851a4d39c723e703e6b0"
},
{
"name": "https://rustsec.org/advisories/RUSTSEC-2025-0135.html",
"tags": [
"x_refsource_MISC"
],
"url": "https://rustsec.org/advisories/RUSTSEC-2025-0135.html"
}
],
"source": {
"advisory": "GHSA-jj6p-3m75-g2p3",
"discovery": "UNKNOWN"
},
"title": "matrix-sdk-base is vulnerable to DoS via custom m.room.join_rules event values"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66622",
"datePublished": "2025-12-09T02:07:18.831Z",
"dateReserved": "2025-12-05T15:18:02.787Z",
"dateUpdated": "2025-12-09T16:02:47.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-68274 (GCVE-0-2025-68274)
Vulnerability from cvelistv5 – Published: 2025-12-16 22:02 – Updated: 2025-12-17 21:15
VLAI
Title
SIPGO library has response DoS vulnerability via nil pointer dereference
Summary
SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's `NewResponseFromRequest` function that affects all normal SIP operations. The vulnerability allows remote attackers to crash any SIP application by sending a single malformed SIP request without a To header. The vulnerability occurs when SIP message parsing succeeds for a request missing the To header, but the response creation code assumes the To header exists without proper nil checks. This affects routine operations like call setup, authentication, and message handling - not just error cases. This vulnerability affects all SIP applications using the sipgo library, not just specific configurations or edge cases, as long as they make use of the `NewResponseFromRequest` function. Version 1.0.0-alpha-1 contains a patch for the issue.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/emiago/sipgo/security/advisori… | x_refsource_CONFIRM |
| https://github.com/emiago/sipgo/commit/dc9669364a… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-68274",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T21:14:54.467011Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T21:15:10.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sipgo",
"vendor": "emiago",
"versions": [
{
"status": "affected",
"version": "\u003e= v0.3.0, \u003c v1.0.0-alpha-1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library\u0027s `NewResponseFromRequest` function that affects all normal SIP operations. The vulnerability allows remote attackers to crash any SIP application by sending a single malformed SIP request without a To header. The vulnerability occurs when SIP message parsing succeeds for a request missing the To header, but the response creation code assumes the To header exists without proper nil checks. This affects routine operations like call setup, authentication, and message handling - not just error cases. This vulnerability affects all SIP applications using the sipgo library, not just specific configurations or edge cases, as long as they make use of the `NewResponseFromRequest` function. Version 1.0.0-alpha-1 contains a patch for the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755: Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T22:02:55.360Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/emiago/sipgo/security/advisories/GHSA-c623-f998-8hhv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/emiago/sipgo/security/advisories/GHSA-c623-f998-8hhv"
},
{
"name": "https://github.com/emiago/sipgo/commit/dc9669364a154ec6d134e542f6a63c31b5afe6e8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/emiago/sipgo/commit/dc9669364a154ec6d134e542f6a63c31b5afe6e8"
}
],
"source": {
"advisory": "GHSA-c623-f998-8hhv",
"discovery": "UNKNOWN"
},
"title": "SIPGO library has response DoS vulnerability via nil pointer dereference"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-68274",
"datePublished": "2025-12-16T22:02:55.360Z",
"dateReserved": "2025-12-16T14:05:31.364Z",
"dateUpdated": "2025-12-17T21:15:10.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.