PT-2025-46208 · Bugsink · Bugsink

Published: 2025-11-10 · Updated: 2025-11-13 · CVE-2025-64509

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Bugsink versions prior to 2.0.6

Description

Bugsink is a self-hosted error tracking tool. A specially crafted Brotli-compressed envelope can cause Bugsink to expend excessive CPU time during decompression, resulting in a denial of service. The attack requires that the Data Source Name (DSN) is known, which is common in many configurations, such as JavaScript and mobile apps. This issue is distinct from another Brotli-related problem in Bugsink.

Recommendations

Update to Bugsink version 2.0.6 or later.

Exploit

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2025-64509
GHSA-RRX3-2X4G-MQ2H

Affected Products

Bugsink