PT-2025-25564 · Protobuf+6

Published: 2025-05-14 · Updated: 2026-03-18 · CVE-2025-4565

CVSS v4.0: 8.2 (High)

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Protobuf versions prior to 6.31.1

Description: The issue affects projects that use the Protobuf Pure-Python backend to parse untrusted Protocol Buffers data. Such data can contain an arbitrary number of recursive groups, recursive messages, or a series of SGROUP tags, any of which can drive the parser past the Python recursion limit. The result is a Denial of Service: the application crashes with a RecursionError.

Recommendations: For versions prior to 6.31.1, upgrade to version 6.31.1 or beyond commit 17838beda2943d08b8a9d4df5b68f5f04f26d901 to resolve the issue.
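
The following is an added example, not code from Protobuf or from this advisory: a defensive pre-parse check that walks the wire format with a loop, so it measures SGROUP nesting without itself recursing. It covers group nesting only, because nested messages are length-delimited and cannot be told apart from bytes fields without the schema; the names `max_group_depth`, `MAX_GROUP_DEPTH` and `WireFormatError` and the limit of 100 are assumptions.

```python
# Protobuf wire types 0..5, in numeric order.
VARINT, I64, LEN, SGROUP, EGROUP, I32 = range(6)
MAX_GROUP_DEPTH = 100  # assumed policy limit, not a value from the advisory
# Constructed sample: two nested groups (field 1) around one varint (field 2).
SAMPLE = bytes([0x0B, 0x0B, 0x10, 0x01, 0x0C, 0x0C])


class WireFormatError(ValueError):
    """Truncated, malformed, or too deeply nested input."""


def _read_varint(buf, pos):
    """Decode a base-128 varint at pos; return (value, next_pos)."""
    result = shift = 0
    while True:
        if pos >= len(buf) or shift > 63:
            raise WireFormatError("truncated or overlong varint")
        byte = buf[pos]
        pos += 1
        result |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return result, pos
        shift += 7


def max_group_depth(buf, limit=MAX_GROUP_DEPTH):
    """Return the deepest SGROUP nesting in buf; raise once it exceeds limit."""
    pos = depth = deepest = 0
    while pos < len(buf):
        tag, pos = _read_varint(buf, pos)
        wire_type = tag & 0x7
        if wire_type == VARINT:
            _, pos = _read_varint(buf, pos)
        elif wire_type == I64:
            pos += 8
        elif wire_type == I32:
            pos += 4
        elif wire_type == LEN:
            length, pos = _read_varint(buf, pos)
            pos += length  # payload stays opaque without a schema
        elif wire_type == SGROUP:
            depth += 1
            deepest = max(deepest, depth)
        elif wire_type == EGROUP:
            depth -= 1
        else:
            raise WireFormatError("unknown wire type")
        if pos > len(buf) or not 0 <= depth <= limit:
            raise WireFormatError("truncated field, stray EGROUP, or nesting over limit")
    return deepest
```

Run it on untrusted bytes before handing them to the parser and reject the input on `WireFormatError`; it is a stopgap for group nesting and does not replace the upgrade above.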

Fix

DoS

Weakness Enumeration: Uncontrolled Recursion

Related Identifiers

AZL-64116
AZL-64145
BDU:2025-10926
CVE-2025-4565
ECHO-869D-3EC4-EFD0
GHSA-8QVM-5X2C-J2W7
OESA-2025-1713
OESA-2025-1714
OESA-2025-1798
OESA-2025-1799
OESA-2025-1800
OESA-2025-1801
OPENSUSE-SU-2025:15265-1
OPENSUSE-SU-2026:20390-1
RHSA-2026:1249
SUSE-SU-2025:02309-1
SUSE-SU-2025:02310-1
SUSE-SU-2025:02311-1
SUSE-SU-2025:20514-1
SUSE-SU-2025:20672-1
SUSE-SU-2025:3722-1
SUSE-SU-2025_02309-1
SUSE-SU-2025_02310-1
SUSE-SU-2025_02311-1
SUSE-SU-2025_3722-1
SUSE-SU-2026:1653-1
SUSE-SU-2026:20753-1
SUSE-SU-2026:20907-1
USN-7629-1
USN-7629-2

Affected Products

Astra Linux
Debian
Linux Mint
Protobuf
RED OS
SUSE
Ubuntu