PT-2025-17574 · Jmix · Jmix
Knstvk
·
Published
2025-04-22
·
Updated
2025-12-31
·
CVE-2025-32952
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Jmix versions 1.0.0 through 1.6.1
Jmix versions 2.0.0 through 2.3.4
Description
The local file storage implementation in Jmix does not restrict the size of uploaded files, allowing an attacker to upload excessively large files and potentially cause the server to run out of space, resulting in a denial of service.
Recommendations
For versions 1.0.0 through 1.6.1, update to version 1.6.2.
For versions 2.0.0 through 2.3.4, update to version 2.4.0.
As a temporary workaround, consider restricting the size of uploaded files to prevent excessive file uploads until a patch is applied.
Exploit
Fix
DoS
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Jmix