PT-2025-38231 · Thorium · Thorium
Published 2025-08-21 · Updated 2025-09-18 · CVE-2025-35432
| CVSS v2.0 | 7.8 (High) |
| --- | --- |
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Thorium versions prior to 1.1.1
Description
Thorium does not limit the rate of requests to send account verification email messages. This allows a remote, unauthenticated attacker to send an unlimited number of messages to a user awaiting verification.
Recommendations
Update to version 1.1.1 or later, which applies a default rate limit of 10 minutes to account verification email requests.
Fix
Resource Exhaustion
Affected Products
Thorium