PT-2025-37727 · Unknown · Apache Fory
R00T4Dm · Published 2025-09-08 · Updated 2025-09-20 · CVE-2025-59328
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Apache Fory versions prior to 0.12.2
Description
The issue is a Denial of Service (DoS) resulting from insecure deserialization of untrusted data. An attacker can provide a large, specially crafted data payload that consumes excessive CPU resources during deserialization, leading to CPU exhaustion and rendering the application or system unresponsive.
Recommendations
Upgrade to version 0.12.2 or later.
Fix
DoS
Deserialization of Untrusted Data
Affected Products
Apache Fory