CVE-2025-32959

Name of the Vulnerable Software and Affected Versions CUBA Platform versions prior to 7.2.23

Description The local file storage implementation in CUBA Platform does not restrict the size of uploaded files, allowing an attacker to upload excessively large files. This could cause the server to run out of space and return an HTTP 500 error, resulting in a denial of service.

Recommendations For versions prior to 7.2.23, update to version 7.2.23 to resolve the issue. As a temporary workaround, consider implementing file size restrictions on the local file storage implementation until the patch is applied.