CVE-2025-53636 (GCVE-0-2025-53636)
Vulnerability from cvelistv5 – Published: 2025-07-11 21:20 – Updated: 2025-07-14 20:13
VLAI?
Summary
Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service (DoS) to the ondemand system. This vulnerability is fixed in 3.1.14 and 4.0.6.
Severity ?
5.4 (Medium)
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T14:45:51.860688Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T20:13:13.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ondemand",
"vendor": "OSC",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.6, \u003c 3.1.14"
},
{
"status": "affected",
"version": "\u003e= 4.0.0-0.rc1, \u003c 4.0.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service (DoS) to the ondemand system. This vulnerability is fixed in 3.1.14 and 4.0.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-779",
"description": "CWE-779: Logging of Excessive Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T21:20:14.261Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/OSC/ondemand/security/advisories/GHSA-x5xv-fw37-v524",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/OSC/ondemand/security/advisories/GHSA-x5xv-fw37-v524"
},
{
"name": "https://github.com/OSC/ondemand/commit/40800d68cd019c5f1c48b2deafebba6dff4abee2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OSC/ondemand/commit/40800d68cd019c5f1c48b2deafebba6dff4abee2"
},
{
"name": "https://github.com/OSC/ondemand/commit/96f29b995e1add7562516614e4dc8d961987e8b4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/OSC/ondemand/commit/96f29b995e1add7562516614e4dc8d961987e8b4"
}
],
"source": {
"advisory": "GHSA-x5xv-fw37-v524",
"discovery": "UNKNOWN"
},
"title": "Open OnDemand Shell App closed websocket DoS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-53636",
"datePublished": "2025-07-11T21:20:14.261Z",
"dateReserved": "2025-07-07T14:20:38.390Z",
"dateUpdated": "2025-07-14T20:13:13.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-53636\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-07-11T22:15:25.400\",\"lastModified\":\"2025-07-15T13:14:49.980\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service (DoS) to the ondemand system. This vulnerability is fixed in 3.1.14 and 4.0.6.\"},{\"lang\":\"es\",\"value\":\"Open OnDemand es un portal de HPC de c\u00f3digo abierto. Los usuarios pueden inundar los registros al interactuar con la aplicaci\u00f3n shell, lo que genera numerosos errores. Estos usuarios pueden crear archivos de registro muy grandes, lo que provoca una denegaci\u00f3n de servicio (DoS) en el sistema OnDemand. Esta vulnerabilidad se corrigi\u00f3 en las versiones 3.1.14 y 4.0.6.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"},{\"lang\":\"en\",\"value\":\"CWE-779\"}]}],\"references\":[{\"url\":\"https://github.com/OSC/ondemand/commit/40800d68cd019c5f1c48b2deafebba6dff4abee2\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/OSC/ondemand/commit/96f29b995e1add7562516614e4dc8d961987e8b4\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/OSC/ondemand/security/advisories/GHSA-x5xv-fw37-v524\",\"source\":\"security-advisories@github.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-53636\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-14T14:45:51.860688Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-14T14:45:55.966Z\"}}], \"cna\": {\"title\": \"Open OnDemand Shell App closed websocket DoS\", \"source\": {\"advisory\": \"GHSA-x5xv-fw37-v524\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"OSC\", \"product\": \"ondemand\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.6, \u003c 3.1.14\"}, {\"status\": \"affected\", \"version\": \"\u003e= 4.0.0-0.rc1, \u003c 4.0.6\"}]}], \"references\": [{\"url\": \"https://github.com/OSC/ondemand/security/advisories/GHSA-x5xv-fw37-v524\", \"name\": \"https://github.com/OSC/ondemand/security/advisories/GHSA-x5xv-fw37-v524\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/OSC/ondemand/commit/40800d68cd019c5f1c48b2deafebba6dff4abee2\", \"name\": \"https://github.com/OSC/ondemand/commit/40800d68cd019c5f1c48b2deafebba6dff4abee2\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/OSC/ondemand/commit/96f29b995e1add7562516614e4dc8d961987e8b4\", \"name\": \"https://github.com/OSC/ondemand/commit/96f29b995e1add7562516614e4dc8d961987e8b4\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service (DoS) to the ondemand system. This vulnerability is fixed in 3.1.14 and 4.0.6.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-779\", \"description\": \"CWE-779: Logging of Excessive Data\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-07-11T21:20:14.261Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-53636\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-14T20:13:13.885Z\", \"dateReserved\": \"2025-07-07T14:20:38.390Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-07-11T21:20:14.261Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…