CVE-2025-52494

Name of the Vulnerable Software and Affected Versions Adacore Ada Web Server (AWS) versions prior to 25.2

Description The Adacore Ada Web Server (AWS) is susceptible to a denial-of-service (DoS) condition resulting from improper handling of SSL handshakes during connection initialization. The server lacks a specific timeout for the SSL handshake phase, relying on an effectively infinite default socket timeout. An attacker can exploit this by sending a malformed TLS ClientHello message with incorrect length values, causing the server to indefinitely wait for data. By establishing multiple such connections, an attacker can exhaust available worker threads, preventing the server from processing legitimate requests.

Recommendations Update to version 25.2 or later.