PT-2025-36462 · Amd · Xilinx Run Time
Published
2025-09-08
·
Updated
2025-11-24
·
CVE-2025-0005
CVSS v3.1
7.3
High
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H |
Name of the Vulnerable Software and Affected Versions
API Gateway version 7.2.0
Description
A flaw in input validation within the XOCL driver could allow a local attacker to trigger an integer overflow, potentially leading to a crash or denial of service. Additionally, an information disclosure issue exists in the API Gateway, allowing unauthenticated remote attackers to access sensitive information through a specially crafted HTTP request due to improper access control in API endpoints.
Recommendations
Update to API Gateway version 7.2.1 and implement proper access controls.
Fix
DoS
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Xilinx Run Time