exploitDog

CVE-2025-66838

Опубликовано: 07 янв. 2026

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustion such as disk space depletion, increased server load, or degraded performance

Ссылки

https://github.com/saykino/CVE-2025-66838/
Third Party Advisory
https://www.softwareag.com/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:softwareag:aris:*:*:*:*:*:*:*:*

Версия до 10.0.23.0.3587512 (включая)

EPSS

Процентиль: 13%

0.00044

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-770

Связанные уязвимости

GHSA-2xw3-m2wf-5r5m

CVSS3: 6.5

github

около 1 месяца назад

In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustion such as disk space depletion, increased server load, or degraded performance

EPSS

Процентиль: 13%

0.00044

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-770