PT-2025-47562 · Unknown · Cinnamon Kotaemon

Wang Yuanrong · Published 2025-11-20 · Updated 2025-12-30 · CVE-2025-63914

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Cinnamon kotaemon version 0.11.0

Description

The _may_extract_zip function in the libs/ktem/ktem/index/file/ui.py file does not validate the contents of uploaded ZIP files. Uploading a ZIP bomb could lead to excessive resource consumption during decompression. Extracted data from a successful attack may occupy disk space, potentially causing system unavailability. Users with file upload permissions can exploit this issue.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
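
One way to bound the decompression cost the description refers to, as an added example (not Kotaemon's code and not a published fix). The limits, the names safe_extract, make_zip and ArchiveRejected, and the flat output file naming are assumptions made for illustration.

```python
import io
import os
import shutil
import zipfile

# Assumed limits for illustration; tune them to the deployment.
MAX_MEMBERS = 1000
MAX_TOTAL_BYTES = 50 * 1024 * 1024  # uncompressed bytes allowed per upload
MAX_RATIO = 100                     # uncompressed / compressed

class ArchiveRejected(Exception):
    """Raised when an upload exceeds one of the limits."""

def safe_extract(zip_source, dest_dir, max_total=MAX_TOTAL_BYTES):
    """Extract into dest_dir (a fresh per-upload directory); return bytes written."""
    written = 0
    try:
        with zipfile.ZipFile(zip_source) as zf:
            members = [m for m in zf.infolist() if not m.is_dir()]
            declared = sum(m.file_size for m in members)
            packed = sum(m.compress_size for m in members)
            # Cheap checks on central-directory metadata, before decompressing.
            if len(members) > MAX_MEMBERS:
                raise ArchiveRejected("too many members")
            if declared > max_total:
                raise ArchiveRejected("declared size over limit")
            if packed and declared / packed > MAX_RATIO:
                raise ArchiveRejected("compression ratio over limit")
            for i, m in enumerate(members):
                # Generated flat names keep this example about size limits only.
                target = os.path.join(dest_dir, f"member_{i:04d}")
                with zf.open(m) as src, open(target, "wb") as dst:
                    # Count real bytes too, so the cap does not rest on headers alone.
                    while chunk := src.read(64 * 1024):
                        written += len(chunk)
                        if written > max_total:
                            raise ArchiveRejected("extracted size over limit")
                        dst.write(chunk)
    except Exception:
        shutil.rmtree(dest_dir, ignore_errors=True)  # leave no partial output
        raise
    return written

def make_zip(files):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf
```

A rejected upload removes dest_dir entirely, so the caller should pass a directory created for that upload alone.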

Exploit

DoS

Weakness Enumeration

Related Identifiers

CVE-2025-63914

Affected Products

Cinnamon Kotaemon