PT-2025-26255 · Powsybl · Powsybl

Adamkorcz · Published 2025-06-19 · Updated 2025-06-21 · CVE-2025-48058

CVSS v4.0: 6.3 (Medium)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: PowSyBl versions prior to 6.7.2

Description: The issue is a potential polynomial Regular Expression Denial of Service (ReDoS) vulnerability in PowSyBl's DataSource mechanism. This vulnerability can be exploited when the listNames(String regex) method is called on a DataSource with a user-supplied regular expression, allowing a malicious actor to cause significant CPU consumption due to regex backtracking. The attack requires control over the regex input and influence over the file/resource names being matched. In a multi-tenant environment, this can degrade the performance and availability of the server, affecting other users of the application.

Recommendations: For versions prior to 6.7.2, update to com.powsybl:powsybl-commons:6.7.2 or higher to patch the vulnerability. As a temporary workaround, consider restricting access to the listNames(String regex) method or validating user-supplied regular expressions to minimize the risk of exploitation. Avoid using unvalidated user-supplied regular expressions in the listNames(String regex) method until the issue is resolved.
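The workaround above asks callers to validate user-supplied regular expressions before they reach listNames(String regex). The following is an added illustration of what such validation can look like; it is not PowSyBl's own code and does not use the PowSyBl API. It assumes (as the advisory implies but does not state) that the pattern is applied to each resource name with Matcher.matches(), and the class name GuardedNameFilter, the sample names and the size limits are all constructed for the example. Two layers are combined: a cheap structural check that rejects nested quantifiers before compilation, and a per-name budget on how many characters the regex engine may read, which catches pathological patterns the structural check misses.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

/**
 * Added illustration, not PowSyBl code: bound the cost of applying a
 * user-supplied regex to a list of resource names, the situation the
 * advisory describes for DataSource.listNames(String regex).
 */
public final class GuardedNameFilter {

    private static final int MAX_PATTERN_LENGTH = 256;          // reject overly long patterns
    private static final long MAX_CHARS_READ_PER_NAME = 10_000L; // work budget per name

    // Cheap structural check: a group containing a quantifier that is itself
    // quantified, e.g. (a+)+ or (x*){2,}. Catches only the most common shape.
    private static final Pattern NESTED_QUANTIFIER =
            Pattern.compile("\\([^()]*[*+{][^()]*\\)[*+{]");

    /** Thrown from the guarded CharSequence once a match has read too many characters. */
    public static final class BudgetExceededException extends RuntimeException {
        BudgetExceededException(String message) {
            super(message);
        }
    }

    private GuardedNameFilter() {
    }

    /** Validates and compiles a user-supplied pattern, or throws IllegalArgumentException. */
    public static Pattern compileUserRegex(String regex) {
        if (regex == null || regex.length() > MAX_PATTERN_LENGTH) {
            throw new IllegalArgumentException("regex missing or longer than " + MAX_PATTERN_LENGTH);
        }
        if (NESTED_QUANTIFIER.matcher(regex).find()) {
            throw new IllegalArgumentException("nested quantifiers are not allowed");
        }
        try {
            return Pattern.compile(regex);
        } catch (PatternSyntaxException e) {
            throw new IllegalArgumentException("invalid regex: " + e.getDescription(), e);
        }
    }

    /** CharSequence that counts charAt() calls by the regex engine and aborts once the budget is spent. */
    private static final class BudgetedCharSequence implements CharSequence {
        private final CharSequence delegate;
        private final long budget;
        private long read;

        BudgetedCharSequence(CharSequence delegate, long budget) {
            this.delegate = delegate;
            this.budget = budget;
        }

        @Override
        public char charAt(int index) {
            if (++read > budget) {
                throw new BudgetExceededException("match read more than " + budget + " characters");
            }
            return delegate.charAt(index);
        }

        @Override
        public int length() {
            return delegate.length();
        }

        @Override
        public CharSequence subSequence(int start, int end) {
            // Share the remaining budget with any sub-sequence the engine asks for.
            return new BudgetedCharSequence(delegate.subSequence(start, end), budget - read);
        }

        @Override
        public String toString() {
            return delegate.toString();
        }
    }

    /**
     * Applies an already validated pattern to each name. If any single match
     * overruns its budget the whole request is rejected rather than served slowly.
     */
    public static List<String> filterNames(Collection<String> names, Pattern pattern) {
        List<String> matched = new ArrayList<>();
        for (String name : names) {
            CharSequence guarded = new BudgetedCharSequence(name, MAX_CHARS_READ_PER_NAME);
            try {
                if (pattern.matcher(guarded).matches()) {
                    matched.add(name);
                }
            } catch (BudgetExceededException e) {
                throw new IllegalArgumentException("regex rejected: too expensive on '" + name + "'", e);
            }
        }
        return matched;
    }

    public static void main(String[] args) {
        // Constructed sample names standing in for a DataSource's resources.
        List<String> names = List.of("network.xiidm", "network.json", "loadflow-params.json",
                "a".repeat(30) + "b");

        System.out.println(filterNames(names, compileUserRegex(".*\\.json")));

        try {
            compileUserRegex("(a+)+b");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected by structural check: " + e.getMessage());
        }

        // Passes the structural check, but backtracks heavily on the long name;
        // the per-name budget stops it instead of letting it burn CPU.
        try {
            filterNames(names, compileUserRegex("^(a|aa)+$"));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected at match time: " + e.getMessage());
        }
    }
}
```

The structural check alone is not sufficient, which is why the budget exists: java.util.regex does not memoise, so any pattern with overlapping alternatives under a quantifier can still backtrack exponentially. Counting charAt() calls works because the engine reads the input only through the CharSequence it is given, so an overrun is detected after a fixed amount of work regardless of pattern shape. In a multi-tenant deployment the rejection should be logged with the tenant and the offending pattern so that repeated attempts are visible to operations.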

Exploit · Fix · DoS

Weakness Enumeration

Related Identifiers

CVE-2025-48058
GHSA-RQPX-F6RC-7HM5

Affected Products

Powsybl