PT-2025-23674 · Inventree · Inventree
Schrodingersgat · Published 2025-06-03 · Updated 2025-12-17 · CVE-2025-49000
CVSS v3.1: 5.7 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
InvenTree versions prior to 0.17.13
Description
The issue affects the built-in label-sheet plugin, where the skip field lacks an upper bound. This allows any authenticated label-printing user to trigger a denial-of-service via memory exhaustion by providing a large value, forcing the server to allocate an enormous Python list.
Recommendations
For versions prior to 0.17.13, upgrade to version 0.17.13 or higher to resolve the issue.
At the moment, there is no workaround available aside from upgrading to the patched version.
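The missing upper bound described above, shown as an added illustration beside a bounded version; this is not InvenTree's code or its actual patch. The function names, the `SheetLayout` type and the choice of "fewer than one page of cells" as the limit are assumptions made for the example.

```python
# Added illustration: hypothetical names, not InvenTree's implementation.
from dataclasses import dataclass


class SkipValueError(ValueError):
    """Raised when the requested skip count is outside the allowed range."""


@dataclass(frozen=True)
class SheetLayout:
    rows: int
    cols: int

    @property
    def cells_per_page(self) -> int:
        return self.rows * self.cols


def layout_unbounded(items, skip):
    """Pattern from the advisory: list size is driven directly by user input."""
    return [None] * skip + list(items)


def validate_skip(raw, layout):
    """Parse and bound the skip field before any allocation happens."""
    try:
        skip = int(raw)
    except (TypeError, ValueError):
        raise SkipValueError("skip must be an integer") from None
    # Assumed limit: skipping a full page or more is never needed,
    # because printing can simply start on the next sheet.
    if not 0 <= skip < layout.cells_per_page:
        raise SkipValueError(
            f"skip must be between 0 and {layout.cells_per_page - 1}"
        )
    return skip


def layout_bounded(items, raw_skip, layout):
    """Place items after `skip` blank cells, then split into pages."""
    skip = validate_skip(raw_skip, layout)
    cells = [None] * skip + list(items)  # at most cells_per_page - 1 blanks
    n = layout.cells_per_page
    return [cells[i:i + n] for i in range(0, len(cells), n)]
```
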
DoS
Resource Exhaustion
Allocation of Resources Without Limits
Affected Products
Inventree