PT-2025-12367 · Redlib · Redlib

Published 2025-03-20 · Updated 2026-02-03 · CVE-2025-30160

CVSS v4.0: 8.7 High

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Redlib versions prior to 0.36.0

Description

A denial-of-service condition can be triggered by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore preferences form, leading to excessive memory consumption and potential system instability. This can disrupt Redlib instances.

Recommendations

For versions prior to 0.36.0, update to version 0.36.0 to resolve the issue. As a temporary workaround, consider restricting access to the restore preferences form to minimize the risk of exploitation.
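
The weakness class described above is generally mitigated by capping both the compressed input and the inflated output before anything is deserialized. The following is an added example, not Redlib's code or its 0.36.0 fix: it assumes the base2048 layer has already been decoded to bytes and that the payload is a raw DEFLATE stream, and the size limits and function names are hypothetical.

```python
import zlib

MAX_ENCODED = 16 * 1024   # assumed cap on the compressed form field, in bytes
MAX_DECODED = 64 * 1024   # assumed cap on the inflated preferences blob
CHUNK = 4096              # output produced per decompress() call


class PayloadTooLarge(ValueError):
    """Raised when either size cap is exceeded."""


def bounded_inflate(data, max_out=MAX_DECODED, max_in=MAX_ENCODED):
    """Inflate raw DEFLATE, never holding more than max_out + 1 output bytes."""
    if len(data) > max_in:
        raise PayloadTooLarge("compressed input exceeds cap")
    d = zlib.decompressobj(wbits=-15)  # -15 selects raw DEFLATE (no header)
    out, buf = bytearray(), data
    while not d.eof:
        # max_length must stay >= 1: a value of 0 means "unlimited" in zlib.
        room = min(CHUNK, max_out + 1 - len(out))
        chunk = d.decompress(buf, room)
        out += chunk
        if len(out) > max_out:
            raise PayloadTooLarge("inflated output exceeds cap")
        buf = d.unconsumed_tail  # input zlib has not processed yet
        if not chunk and not buf and not d.eof:
            raise ValueError("truncated DEFLATE stream")
    return bytes(out)


def raw_deflate(data):
    """Build a raw DEFLATE stream; used only to construct sample inputs."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()


if __name__ == "__main__":
    # Constructed samples: a small settings blob and a highly compressible one.
    ok = raw_deflate(b'{"theme":"dark"}')
    print(bounded_inflate(ok))
    oversized = raw_deflate(b"\0" * (8 * 1024 * 1024))
    try:
        bounded_inflate(oversized)
    except PayloadTooLarge as exc:
        print(len(oversized), "compressed bytes rejected:", exc)
```

The cap is enforced while inflating rather than after, so a rejected payload costs at most `MAX_DECODED + 1` bytes of output buffer.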

Exploit

Fix

DoS

Resource Exhaustion

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2025-30160
GHSA-G8VQ-V3MG-7MRG

Affected Products

Redlib