CVE-2025-4001

CVSS v4.0

4.8

Medium

Vector

AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions scipopt scip versions up to 9.2.1

Description A vulnerability has been found in the function main of the file examples/LOP/src/genRandomLOPInstance.c of the component File Descriptor Handler. The manipulation of the argument File leads to uncontrolled file descriptor consumption. Local access is required to approach this attack.

Recommendations For scipopt scip versions up to 9.2.1, upgrade to version 9.2.2 to address this issue. As a temporary workaround, consider restricting access to the vulnerable component File Descriptor Handler until the upgrade is applied.

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-769

Related Identifiers

CVE-2025-4001

Affected Products

Scipopt Scip

CVE-2025-4001

Weakness Enumeration

Related Identifiers

Affected Products

References · 13