Vulnerability-Lookup

FKIE_CVE-2025-69873

Vulnerability from fkie_nvd - Published: 2026-02-11 19:15 - Updated: 2026-06-17 10:00

Severity

2.9 (Low) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., "^(a|a)*$") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. This issue is also fixed in version 6.14.0.

References

	URL	Tags
	cve@mitre.org	https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md
	cve@mitre.org	https://github.com/advisories/GHSA-2g4f-4pwh-qvx6
	cve@mitre.org	https://github.com/ajv-validator/ajv/pull/2588
	cve@mitre.org	https://github.com/ajv-validator/ajv/pull/2590
	cve@mitre.org	https://github.com/ajv-validator/ajv/releases/tag/v6.14.0
	cve@mitre.org	https://github.com/github/advisory-database/pull/6991

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "defaultStatus": "unaffected",
          "product": "ajv",
          "vendor": "ajv.js",
          "versions": [
            {
              "lessThan": "6.14.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.17.2",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "source": "cve@mitre.org"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., \"^(a|a)*$\") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. This issue is also fixed in version 6.14.0."
    },
    {
      "lang": "es",
      "value": "ajv (Another JSON Schema Validator) hasta la versi\u00f3n 8.17.1 es vulnerable a la denegaci\u00f3n de servicio por expresiones regulares (ReDoS) cuando la opci\u00f3n $data est\u00e1 habilitada. La palabra clave \u0027pattern\u0027 acepta datos en tiempo de ejecuci\u00f3n a trav\u00e9s de la sintaxis JSON Pointer (referencia $data), que se pasa directamente al constructor JavaScript RegExp() sin validaci\u00f3n. Un atacante puede inyectar un patr\u00f3n de expresi\u00f3n regular malicioso (por ejemplo, \u0027^(a|a)*$\u0027) combinado con una entrada manipulada para causar un retroceso catastr\u00f3fico. Una carga \u00fatil de 31 caracteres causa aproximadamente 44 segundos de bloqueo de CPU, y cada car\u00e1cter adicional duplica el tiempo de ejecuci\u00f3n. Esto permite una denegaci\u00f3n de servicio completa con una \u00fanica solicitud HTTP contra cualquier API que utilice ajv con $data: true para la validaci\u00f3n din\u00e1mica de esquemas."
    }
  ],
  "id": "CVE-2025-69873",
  "lastModified": "2026-06-17T10:00:54.653",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 2.9,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 1.4,
        "source": "cve@mitre.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2025-69873",
          "options": [
            {
              "exploitation": "poc"
            },
            {
              "automatable": "yes"
            },
            {
              "technicalImpact": "partial"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-02-12T15:13:03.482882Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-02-11T19:15:50.467",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/ajv-validator/ajv/pull/2588"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/ajv-validator/ajv/pull/2590"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/ajv-validator/ajv/releases/tag/v6.14.0"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/github/advisory-database/pull/6991"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1333"
        }
      ],
      "source": "cve@mitre.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CVE-2025-69873 (GCVE-0-2025-69873)

Vulnerability from cvelistv5 – Published: 2026-02-11 00:00 – Updated: 2026-06-30 03:15

Summary

Severity

2.9 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: poc Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-1333 - Inefficient Regular Expression Complexity
CWE-400 - Uncontrolled Resource Consumption

Assigner

mitre

References

31 references

URL	Tags
https://github.com/advisories/GHSA-2g4f-4pwh-qvx6
https://github.com/EthanKim88/ethan-cve-disclosur…
https://github.com/github/advisory-database/pull/6991
https://github.com/ajv-validator/ajv/pull/2588
https://github.com/ajv-validator/ajv/releases/tag…
https://github.com/ajv-validator/ajv/pull/2590
https://access.redhat.com/security/cve/CVE-2025-69873	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2439070	issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v…	x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:33371	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:13512	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6277	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:16874	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6309	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:9742	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6802	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:5807	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:19712	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:15091	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:14774	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:5910	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:5907	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:10093	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6192	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7314	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6568	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6497	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:6567	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:5168	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:26214	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:26211	vendor-advisoryx_refsource_REDHAT

Impacted products

65 products

Vendor	Product	Version
ajv.js	ajv	Affected: 0 , < 6.14.0 (semver) Affected: 7.0.0 , < 8.17.2 (semver)
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server	cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 8	cpe:/a:redhat:ansible_automation_platform:2.5::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8
Red Hat	Red Hat Ansible Automation Platform 2.5 for RHEL 9	cpe:/a:redhat:ansible_automation_platform:2.5::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9
Red Hat	Red Hat Ansible Automation Platform 2.6 for RHEL 9	cpe:/a:redhat:ansible_automation_platform:2.6::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9
Red Hat	Network Observability (NETOBSERV) 1.11.2	cpe:/a:redhat:network_observ_optr:1.11::el9
Red Hat	Red Hat Ansible Automation Platform 2.6	cpe:/a:redhat:ansible_automation_platform:2.6::el9
Red Hat	Red Hat Developer Hub 1.8	cpe:/a:redhat:rhdh:1.8::el9
Red Hat	Red Hat Developer Hub 1.9	cpe:/a:redhat:rhdh:1.9::el9
Red Hat	Red Hat OpenShift AI 2.16	cpe:/a:redhat:openshift_ai:2.16::el8
Red Hat	Red Hat OpenShift AI 3.3	cpe:/a:redhat:openshift_ai:3.3::el9
Red Hat	Red Hat OpenShift Container Platform 4.14	cpe:/a:redhat:openshift:4.14::el9
Red Hat	Red Hat OpenShift Container Platform 4.15	cpe:/a:redhat:openshift:4.15::el9
Red Hat	Red Hat OpenShift Container Platform 4.16	cpe:/a:redhat:openshift:4.16::el9
Red Hat	Red Hat OpenShift Container Platform 4.17	cpe:/a:redhat:openshift:4.17::el9
Red Hat	Red Hat OpenShift Container Platform 4.19	cpe:/a:redhat:openshift:4.19::el9
Red Hat	Red Hat OpenShift Dev Spaces 3.27	cpe:/a:redhat:openshift_devspaces:3.27::el9
Red Hat	Red Hat Quay 3.14	cpe:/a:redhat:quay:3.14::el8
Red Hat	Red Hat Quay 3.15	cpe:/a:redhat:quay:3.15::el8
Red Hat	Red Hat Quay 3.16	cpe:/a:redhat:quay:3.16::el9
Red Hat	Red Hat Quay 3.9	cpe:/a:redhat:quay:3.9::el8
Red Hat	Red Hat Satellite 6.18	cpe:/a:redhat:satellite:6.18::el9
Red Hat	Confidential Compute Attestation	cpe:/a:redhat:confidential_compute_attestation:1
Red Hat	Logging Subsystem for Red Hat OpenShift	cpe:/a:redhat:logging:5
Red Hat	Node HealthCheck Operator	cpe:/a:redhat:workload_availability_nhc:0
Red Hat	OpenShift Pipelines	cpe:/a:redhat:openshift_pipelines:1
Red Hat	Red Hat 3scale API Management Platform 2	cpe:/a:redhat:red_hat_3scale_amp:2
Red Hat	Red Hat Ansible Automation Platform 2	cpe:/a:redhat:ansible_automation_platform:2
Red Hat	Red Hat build of Apicurio Registry 2	cpe:/a:redhat:service_registry:2
Red Hat	Red Hat Connectivity Link 1	cpe:/a:redhat:connectivity_link:1
Red Hat	Red Hat Data Grid 8	cpe:/a:redhat:jboss_data_grid:8
Red Hat	Red Hat Edge Manager 1	cpe:/a:redhat:edge_manager:1
Red Hat	Red Hat Enterprise Linux AI (RHEL AI) 3	cpe:/a:redhat:enterprise_linux_ai:3
Red Hat	Red Hat Fuse 7	cpe:/a:redhat:jboss_fuse:7
Red Hat	Red Hat Openshift Data Foundation 4	cpe:/a:redhat:openshift_data_foundation:4
Red Hat	Red Hat OpenShift Dev Spaces	cpe:/a:redhat:openshift_devspaces:3
Red Hat	Red Hat OpenShift GitOps	cpe:/a:redhat:openshift_gitops:1
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7
Red Hat	streams for Apache Kafka 3	cpe:/a:redhat:amq_streams:3
Red Hat	Red Hat Ansible Automation Platform 2.6 for RHEL 10	cpe:/a:redhat:ansible_automation_platform:2.6::el10 cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10
Red Hat	Cryostat 4	cpe:/a:redhat:cryostat:4
Red Hat	Gatekeeper 3	cpe:/a:redhat:gatekeeper:3
Red Hat	Multicluster Engine for Kubernetes	cpe:/a:redhat:multicluster_engine
Red Hat	Network Observability Operator	cpe:/a:redhat:network_observ_optr:1
Red Hat	OpenShift Service Mesh 2	cpe:/a:redhat:service_mesh:2
Red Hat	OpenShift Service Mesh 3	cpe:/a:redhat:service_mesh:3
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Security 4	cpe:/a:redhat:advanced_cluster_security:4
Red Hat	Red Hat AMQ Broker 7	cpe:/a:redhat:amq_broker:7
Red Hat	Red Hat build of Apache Camel - HawtIO 4	cpe:/a:redhat:apache_camel_hawtio:4
Red Hat	Red Hat build of OptaPlanner 8	cpe:/a:redhat:optaplanner:::el6
Red Hat	Red Hat Directory Server 11	cpe:/a:redhat:directory_server:11
Red Hat	Red Hat Directory Server 12	cpe:/a:redhat:directory_server:12
Red Hat	Red Hat Directory Server 13	cpe:/a:redhat:directory_server:13
Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat JBoss Enterprise Application Platform 7	cpe:/a:redhat:jboss_enterprise_application_platform:7
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8
Red Hat	Red Hat JBoss Enterprise Application Platform Expansion Pack	cpe:/a:redhat:jbosseapxp
Red Hat	Red Hat OpenShift AI (RHOAI)	cpe:/a:redhat:openshift_ai
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4
Red Hat	Red Hat Process Automation 7	cpe:/a:redhat:jboss_enterprise_bpms_platform:7
Red Hat	Red Hat Satellite 6	cpe:/a:redhat:satellite:6
Red Hat	streams for Apache Kafka 2	cpe:/a:redhat:amq_streams:2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-69873",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-12T15:13:03.482882Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-03T17:25:31.651Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2.5::el8",
              "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
              "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2.5::el9",
              "cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
              "cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2.6::el9",
              "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
              "cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:network_observ_optr:1.11::el9"
            ],
            "defaultStatus": "affected",
            "product": "Network Observability (NETOBSERV) 1.11.2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ansible Automation Platform 2.6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhdh:1.8::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Developer Hub 1.8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhdh:1.9::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Developer Hub 1.9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ai:2.16::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift AI 2.16",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ai:3.3::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift AI 3.3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.14::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.14",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.15::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.15",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.16::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.16",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.17::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.17",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4.19::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Container Platform 4.19",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_devspaces:3.27::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Dev Spaces 3.27",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3.14::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3.14",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3.15::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3.15",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3.16::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3.16",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:quay:3.9::el8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Quay 3.9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:satellite:6.18::el9"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Satellite 6.18",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:confidential_compute_attestation:1"
            ],
            "defaultStatus": "affected",
            "product": "Confidential Compute Attestation",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:logging:5"
            ],
            "defaultStatus": "affected",
            "product": "Logging Subsystem for Red Hat OpenShift",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:workload_availability_nhc:0"
            ],
            "defaultStatus": "affected",
            "product": "Node HealthCheck Operator",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_pipelines:1"
            ],
            "defaultStatus": "affected",
            "product": "OpenShift Pipelines",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:red_hat_3scale_amp:2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat 3scale API Management Platform 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Ansible Automation Platform 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_registry:2"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat build of Apicurio Registry 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:connectivity_link:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Connectivity Link 1",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_data_grid:8"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Data Grid 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:edge_manager:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Edge Manager 1",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux_ai:3"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_fuse:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Fuse 7",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_data_foundation:4"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Openshift Data Foundation 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_devspaces:3"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift Dev Spaces",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_gitops:1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat OpenShift GitOps",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:red_hat_single_sign_on:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Single Sign-On 7",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:amq_streams:3"
            ],
            "defaultStatus": "affected",
            "product": "streams for Apache Kafka 3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:ansible_automation_platform:2.6::el10",
              "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:cryostat:4"
            ],
            "defaultStatus": "unaffected",
            "product": "Cryostat 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:gatekeeper:3"
            ],
            "defaultStatus": "unaffected",
            "product": "Gatekeeper 3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:multicluster_engine"
            ],
            "defaultStatus": "unaffected",
            "product": "Multicluster Engine for Kubernetes",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:network_observ_optr:1"
            ],
            "defaultStatus": "unaffected",
            "product": "Network Observability Operator",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_mesh:2"
            ],
            "defaultStatus": "unaffected",
            "product": "OpenShift Service Mesh 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:service_mesh:3"
            ],
            "defaultStatus": "unaffected",
            "product": "OpenShift Service Mesh 3",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:acm:2"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:advanced_cluster_security:4"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Advanced Cluster Security 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:amq_broker:7"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat AMQ Broker 7",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:apache_camel_hawtio:4"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat build of Apache Camel - HawtIO 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:optaplanner:::el6"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat build of OptaPlanner 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:directory_server:11"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Directory Server 11",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:directory_server:12"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Directory Server 12",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:directory_server:13"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Directory Server 13",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Enterprise Linux 10",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:8"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Enterprise Linux 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:9"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Enterprise Linux 9",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_application_platform:7"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat JBoss Enterprise Application Platform 7",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_application_platform:8"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat JBoss Enterprise Application Platform 8",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jbosseapxp"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift_ai"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat OpenShift AI (RHOAI)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:openshift:4"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat OpenShift Container Platform 4",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Process Automation 7",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:satellite:6"
            ],
            "defaultStatus": "unaffected",
            "product": "Red Hat Satellite 6",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:amq_streams:2"
            ],
            "defaultStatus": "unaffected",
            "product": "streams for Apache Kafka 2",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-02-11T00:00:00.000Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1333",
                "description": "Inefficient Regular Expression Complexity",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T03:15:35.561Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2025-69873"
          },
          {
            "name": "RHBZ#2439070",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-69873.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:33371"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:13512"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:6277"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:16874"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:6309"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:9742"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:6802"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:5807"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:19712"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:15091"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:14774"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:5910"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:5907"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:10093"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:6192"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:7314"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:6568"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:6497"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:6567"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:5168"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:26214"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:26211"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:33371: Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:13512: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:6277: Red Hat Ansible Automation Platform 2.6 for RHEL 9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:16874: Network Observability (NETOBSERV) 1.11.2"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:6309: Red Hat Ansible Automation Platform 2.6"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:9742: Red Hat Developer Hub 1.8"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:6802: Red Hat Developer Hub 1.9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:5807: Red Hat OpenShift AI 2.16"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:19712: Red Hat OpenShift AI 3.3"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:15091: Red Hat OpenShift Container Platform 4.14"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:14774: Red Hat OpenShift Container Platform 4.15"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:5910: Red Hat OpenShift Container Platform 4.16"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:5907: Red Hat OpenShift Container Platform 4.17"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:10093: Red Hat OpenShift Container Platform 4.19"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:6192: Red Hat OpenShift Dev Spaces 3.27"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:7314: Red Hat Quay 3.14"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:6568: Red Hat Quay 3.15"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:6497: Red Hat Quay 3.16"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:6567: Red Hat Quay 3.16"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:5168: Red Hat Quay 3.9"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:26214: Red Hat Satellite 6.18"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:26211: Red Hat Satellite 6.18"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-02-11T19:01:32.953Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-02-11T00:00:00.000Z",
            "value": "Made public."
          }
        ],
        "title": "ajv: ReDoS via $data reference",
        "workarounds": [
          {
            "lang": "en",
            "value": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "ajv",
          "vendor": "ajv.js",
          "versions": [
            {
              "lessThan": "6.14.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "8.17.2",
              "status": "affected",
              "version": "7.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:ajv.js:ajv:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.0",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:ajv.js:ajv:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "8.17.2",
                  "versionStartIncluding": "7.0.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., \"^(a|a)*$\") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. This issue is also fixed in version 6.14.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 2.9,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333 Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-02T20:22:25.698Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6"
        },
        {
          "url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
        },
        {
          "url": "https://github.com/github/advisory-database/pull/6991"
        },
        {
          "url": "https://github.com/ajv-validator/ajv/pull/2588"
        },
        {
          "url": "https://github.com/ajv-validator/ajv/releases/tag/v6.14.0"
        },
        {
          "url": "https://github.com/ajv-validator/ajv/pull/2590"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-69873",
    "datePublished": "2026-02-11T00:00:00.000Z",
    "dateReserved": "2026-01-09T00:00:00.000Z",
    "dateUpdated": "2026-06-30T03:15:35.561Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2025-69873

CVE-2025-69873 (GCVE-0-2025-69873)

Tags

Sightings

Nomenclature