PT-2025-37567 · Temporal · Temporal Server
Published: 2025-09-15 · Updated: 2025-09-22
CVE-2025-8396
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
Name of the Vulnerable Software and Affected Versions
Temporal Server versions prior to 1.26.3
Temporal Server versions prior to 1.27.3
Temporal Server versions prior to 1.28.1
Description
Insufficiently specific bounds checking on the authorization header could lead to denial of service in the Temporal server on all platforms due to excessive memory allocation.
Recommendations
Update to Temporal Server version 1.26.3 or later.
Update to Temporal Server version 1.27.3 or later.
Update to Temporal Server version 1.28.1 or later.
Fix
DoS
Allocation of Resources Without Limits
Affected Products
Temporal Server