CVE-2025-4444 (GCVE-0-2025-4444)

Vulnerability from cvelistv5 – Published: 2025-09-18 13:58 – Updated: 2025-09-18 20:41
VLAI?
Summary
A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered difficult. Upgrading to version 0.4.8.18 and 0.4.9.3-alpha is recommended to address this issue. It is recommended to upgrade the affected component.
Severity ?
6.3 (Medium)
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X
3.7 (Low)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C
3.7 (Low)
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C
CWE
Assigner
References
Impacted products
Vendor Product Version
n/a Tor Affected: 0.4.7.0
Affected: 0.4.7.1
Affected: 0.4.7.2
Affected: 0.4.7.3
Affected: 0.4.7.4
Affected: 0.4.7.5
Affected: 0.4.7.6
Affected: 0.4.7.7
Affected: 0.4.7.8
Affected: 0.4.7.9
Affected: 0.4.7.10
Affected: 0.4.7.11
Affected: 0.4.7.12
Affected: 0.4.7.13
Affected: 0.4.7.14
Affected: 0.4.7.15
Affected: 0.4.7.16
Affected: 0.4.8.0
Affected: 0.4.8.1
Affected: 0.4.8.2
Affected: 0.4.8.3
Affected: 0.4.8.4
Affected: 0.4.8.5
Affected: 0.4.8.6
Affected: 0.4.8.7
Affected: 0.4.8.8
Affected: 0.4.8.9
Affected: 0.4.8.10
Affected: 0.4.8.11
Affected: 0.4.8.12
Affected: 0.4.8.13
Affected: 0.4.8.14
Affected: 0.4.8.15
Affected: 0.4.8.16
Affected: 0.4.8.17
Unaffected: 0.4.8.18
Unaffected: 0.4.9.3-alpha
Credits
wocanmei (VulDB User)
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-4444",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-18T20:41:11.076671Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-18T20:41:21.835Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Onion Service Descriptor Handler"
          ],
          "product": "Tor",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "0.4.7.0"
            },
            {
              "status": "affected",
              "version": "0.4.7.1"
            },
            {
              "status": "affected",
              "version": "0.4.7.2"
            },
            {
              "status": "affected",
              "version": "0.4.7.3"
            },
            {
              "status": "affected",
              "version": "0.4.7.4"
            },
            {
              "status": "affected",
              "version": "0.4.7.5"
            },
            {
              "status": "affected",
              "version": "0.4.7.6"
            },
            {
              "status": "affected",
              "version": "0.4.7.7"
            },
            {
              "status": "affected",
              "version": "0.4.7.8"
            },
            {
              "status": "affected",
              "version": "0.4.7.9"
            },
            {
              "status": "affected",
              "version": "0.4.7.10"
            },
            {
              "status": "affected",
              "version": "0.4.7.11"
            },
            {
              "status": "affected",
              "version": "0.4.7.12"
            },
            {
              "status": "affected",
              "version": "0.4.7.13"
            },
            {
              "status": "affected",
              "version": "0.4.7.14"
            },
            {
              "status": "affected",
              "version": "0.4.7.15"
            },
            {
              "status": "affected",
              "version": "0.4.7.16"
            },
            {
              "status": "affected",
              "version": "0.4.8.0"
            },
            {
              "status": "affected",
              "version": "0.4.8.1"
            },
            {
              "status": "affected",
              "version": "0.4.8.2"
            },
            {
              "status": "affected",
              "version": "0.4.8.3"
            },
            {
              "status": "affected",
              "version": "0.4.8.4"
            },
            {
              "status": "affected",
              "version": "0.4.8.5"
            },
            {
              "status": "affected",
              "version": "0.4.8.6"
            },
            {
              "status": "affected",
              "version": "0.4.8.7"
            },
            {
              "status": "affected",
              "version": "0.4.8.8"
            },
            {
              "status": "affected",
              "version": "0.4.8.9"
            },
            {
              "status": "affected",
              "version": "0.4.8.10"
            },
            {
              "status": "affected",
              "version": "0.4.8.11"
            },
            {
              "status": "affected",
              "version": "0.4.8.12"
            },
            {
              "status": "affected",
              "version": "0.4.8.13"
            },
            {
              "status": "affected",
              "version": "0.4.8.14"
            },
            {
              "status": "affected",
              "version": "0.4.8.15"
            },
            {
              "status": "affected",
              "version": "0.4.8.16"
            },
            {
              "status": "affected",
              "version": "0.4.8.17"
            },
            {
              "status": "unaffected",
              "version": "0.4.8.18"
            },
            {
              "status": "unaffected",
              "version": "0.4.9.3-alpha"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "wocanmei (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack\u0027s complexity is rated as high. The exploitability is considered difficult. Upgrading to version 0.4.8.18 and 0.4.9.3-alpha is recommended to address this issue. It is recommended to upgrade the affected component."
        },
        {
          "lang": "de",
          "value": "In Tor up to 0.4.7.16/0.4.8.17 wurde eine Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Komponente Onion Service Descriptor Handler. Dank der Manipulation mit unbekannten Daten kann eine resource consumption-Schwachstelle ausgenutzt werden. Der Angriff l\u00e4sst sich \u00fcber das Netzwerk starten. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Es wird angegeben, dass die Ausnutzbarkeit schwierig ist. Ein Upgrade auf Version 0.4.8.18 and 0.4.9.3-alpha ist in der Lage, dieses Problem zu adressieren. Die Aktualisierung der betroffenen Komponente wird empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 2.6,
            "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-404",
              "description": "Denial of Service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-18T14:00:17.385Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-324814 | Tor Onion Service Descriptor resource consumption",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.324814"
        },
        {
          "name": "VDB-324814 | CTI Indicators (IOB, IOC, TTP)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.324814"
        },
        {
          "name": "Submit #640605 | Tor \u2264 0.4.8 Memory Management vulnerability",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.640605"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://github.com/chunmianwang/Tordos"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://forum.torproject.org/t/alpha-and-stable-release-0-4-8-18-and-0-4-9-3-alpha/20578"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-09-16T00:00:00.000Z",
          "value": "Countermeasure disclosed"
        },
        {
          "lang": "en",
          "time": "2025-09-18T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-09-18T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-09-18T16:05:09.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tor Onion Service Descriptor resource consumption"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-4444",
    "datePublished": "2025-09-18T13:58:52.524Z",
    "dateReserved": "2025-05-08T17:01:45.724Z",
    "dateUpdated": "2025-09-18T20:41:21.835Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-4444\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2025-09-18T14:15:49.887\",\"lastModified\":\"2025-09-19T16:00:27.847\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack\u0027s complexity is rated as high. The exploitability is considered difficult. Upgrading to version 0.4.8.18 and 0.4.9.3-alpha is recommended to address this issue. It is recommended to upgrade the affected component.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":3.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.2,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:N/I:N/A:P\",\"baseScore\":2.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":4.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"},{\"lang\":\"en\",\"value\":\"CWE-404\"}]}],\"references\":[{\"url\":\"https://forum.torproject.org/t/alpha-and-stable-release-0-4-8-18-and-0-4-9-3-alpha/20578\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://github.com/chunmianwang/Tordos\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?ctiid.324814\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?id.324814\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?submit.640605\",\"source\":\"cna@vuldb.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-4444\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-18T20:41:11.076671Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-18T20:41:16.511Z\"}}], \"cna\": {\"tags\": [\"x_open-source\"], \"title\": \"Tor Onion Service Descriptor resource consumption\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"wocanmei (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 6.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 3.7, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 3.7, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 2.6, \"vectorString\": \"AV:N/AC:H/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C\"}}], \"affected\": [{\"vendor\": \"n/a\", \"modules\": [\"Onion Service Descriptor Handler\"], \"product\": \"Tor\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.4.7.0\"}, {\"status\": \"affected\", \"version\": \"0.4.7.1\"}, {\"status\": \"affected\", \"version\": \"0.4.7.2\"}, {\"status\": \"affected\", \"version\": \"0.4.7.3\"}, {\"status\": \"affected\", \"version\": \"0.4.7.4\"}, {\"status\": \"affected\", \"version\": \"0.4.7.5\"}, {\"status\": \"affected\", \"version\": \"0.4.7.6\"}, {\"status\": \"affected\", \"version\": \"0.4.7.7\"}, {\"status\": \"affected\", \"version\": \"0.4.7.8\"}, {\"status\": \"affected\", \"version\": \"0.4.7.9\"}, {\"status\": \"affected\", \"version\": \"0.4.7.10\"}, {\"status\": \"affected\", \"version\": \"0.4.7.11\"}, {\"status\": \"affected\", \"version\": \"0.4.7.12\"}, {\"status\": \"affected\", \"version\": \"0.4.7.13\"}, {\"status\": \"affected\", \"version\": \"0.4.7.14\"}, {\"status\": \"affected\", \"version\": \"0.4.7.15\"}, {\"status\": \"affected\", \"version\": \"0.4.7.16\"}, {\"status\": \"affected\", \"version\": \"0.4.8.0\"}, {\"status\": \"affected\", \"version\": \"0.4.8.1\"}, {\"status\": \"affected\", \"version\": \"0.4.8.2\"}, {\"status\": \"affected\", \"version\": \"0.4.8.3\"}, {\"status\": \"affected\", \"version\": \"0.4.8.4\"}, {\"status\": \"affected\", \"version\": \"0.4.8.5\"}, {\"status\": \"affected\", \"version\": \"0.4.8.6\"}, {\"status\": \"affected\", \"version\": \"0.4.8.7\"}, {\"status\": \"affected\", \"version\": \"0.4.8.8\"}, {\"status\": \"affected\", \"version\": \"0.4.8.9\"}, {\"status\": \"affected\", \"version\": \"0.4.8.10\"}, {\"status\": \"affected\", \"version\": \"0.4.8.11\"}, {\"status\": \"affected\", \"version\": \"0.4.8.12\"}, {\"status\": \"affected\", \"version\": \"0.4.8.13\"}, {\"status\": \"affected\", \"version\": \"0.4.8.14\"}, {\"status\": \"affected\", \"version\": \"0.4.8.15\"}, {\"status\": \"affected\", \"version\": \"0.4.8.16\"}, {\"status\": \"affected\", \"version\": \"0.4.8.17\"}, {\"status\": \"unaffected\", \"version\": \"0.4.8.18\"}, {\"status\": \"unaffected\", \"version\": \"0.4.9.3-alpha\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-09-16T00:00:00.000Z\", \"value\": \"Countermeasure disclosed\"}, {\"lang\": \"en\", \"time\": \"2025-09-18T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2025-09-18T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2025-09-18T16:05:09.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.324814\", \"name\": \"VDB-324814 | Tor Onion Service Descriptor resource consumption\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://vuldb.com/?ctiid.324814\", \"name\": \"VDB-324814 | CTI Indicators (IOB, IOC, TTP)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.640605\", \"name\": \"Submit #640605 | Tor \\u2264 0.4.8 Memory Management vulnerability\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/chunmianwang/Tordos\", \"tags\": [\"related\"]}, {\"url\": \"https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes\", \"tags\": [\"release-notes\"]}, {\"url\": \"https://forum.torproject.org/t/alpha-and-stable-release-0-4-8-18-and-0-4-9-3-alpha/20578\", \"tags\": [\"patch\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack\u0027s complexity is rated as high. The exploitability is considered difficult. Upgrading to version 0.4.8.18 and 0.4.9.3-alpha is recommended to address this issue. It is recommended to upgrade the affected component.\"}, {\"lang\": \"de\", \"value\": \"In Tor up to 0.4.7.16/0.4.8.17 wurde eine Schwachstelle gefunden. Hierbei betrifft es unbekannten Programmcode der Komponente Onion Service Descriptor Handler. Dank der Manipulation mit unbekannten Daten kann eine resource consumption-Schwachstelle ausgenutzt werden. Der Angriff l\\u00e4sst sich \\u00fcber das Netzwerk starten. Die Komplexit\\u00e4t eines Angriffs ist eher hoch. Es wird angegeben, dass die Ausnutzbarkeit schwierig ist. Ein Upgrade auf Version 0.4.8.18 and 0.4.9.3-alpha ist in der Lage, dieses Problem zu adressieren. Die Aktualisierung der betroffenen Komponente wird empfohlen.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"Resource Consumption\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-404\", \"description\": \"Denial of Service\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2025-09-18T14:00:17.385Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-4444\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-18T20:41:21.835Z\", \"dateReserved\": \"2025-05-08T17:01:45.724Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2025-09-18T13:58:52.524Z\", \"assignerShortName\": \"VulDB\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.