PT-2025-17574 · Jmix · Jmix

Knstvk

Publicado

2025-04-22

Atualizado

2025-12-31

CVE-2025-32952

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Jmix versions 1.0.0 through 1.6.1 Jmix versions 2.0.0 through 2.3.4

Description The local file storage implementation in Jmix does not restrict the size of uploaded files, allowing an attacker to upload excessively large files and potentially cause the server to run out of space, resulting in a denial of service.

Recommendations For versions 1.0.0 through 1.6.1, update to version 1.6.2. For versions 2.0.0 through 2.3.4, update to version 2.4.0. As a temporary workaround, consider restricting the size of uploaded files to prevent excessive file uploads until a patch is applied.

Exploit

Correção

DoS

Allocation of Resources Without Limits

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-770

Identificadores relacionados

BDU:2025-06373

CVE-2025-32952

GHSA-F3GV-CWWH-758M

Produtos afetados

Jmix

PT-2025-17574 · Jmix · Jmix

CVE-2025-32952

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 21