PT-2026-1865 · Software Ag · Aris
Published: 2026-01-07 · Updated: 2026-01-21 · CVE-2025-66838
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Aris versions prior to 10.0.23.0.3587512
Description
The file upload functionality does not implement rate limiting or throttling, enabling unrestricted file uploads. This allows an attacker to upload a large number of files quickly, potentially causing resource exhaustion, including disk space depletion, increased server load, and performance degradation.
Recommendations
Apply a rate limit or throttling mechanism to the file upload functionality.
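One way to implement the recommended throttle, shown as an added example that is not ARIS code or the vendor's fix: a per-user sliding window that caps both the number of uploads and the bytes written, since the description names disk space depletion as well as server load. The class name, limit values and reason strings are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque


class UploadLimiter:
    """Per-user sliding-window cap on upload count and uploaded bytes."""
    def __init__(self, max_files, max_bytes, window_s, max_file_bytes,
                 clock=time.monotonic):
        self.max_files, self.max_bytes = max_files, max_bytes
        self.window_s, self.max_file_bytes = window_s, max_file_bytes
        self.clock = clock
        self._events = defaultdict(deque)  # user -> deque of (timestamp, size)

    def check(self, user, size):
        """Return (allowed, reason, retry_after_s); record the upload if allowed."""
        # `user` is the authenticated principal; `size` is the byte count the
        # server measured, not a client-supplied header.
        if size > self.max_file_bytes:
            return False, "file_too_large", 0.0
        now = self.clock()
        q = self._events[user]
        while q and now - q[0][0] >= self.window_s:  # drop expired uploads
            q.popleft()
        if len(q) >= self.max_files:
            return False, "too_many_uploads", q[0][0] + self.window_s - now
        used = sum(s for _, s in q)
        if used + size > self.max_bytes:
            retry = float(self.window_s)
            for ts, s in q:  # when will enough bytes have aged out?
                used -= s
                if used + size <= self.max_bytes:
                    retry = ts + self.window_s - now
                    break
            return False, "byte_quota_exceeded", retry
        q.append((now, size))
        return True, "ok", 0.0


def demo():
    """Constructed upload sequence for one user, driven by a fake clock."""
    t = [0.0]
    lim = UploadLimiter(3, 10_000, 60, 8_000, clock=lambda: t[0])
    out = []
    for size in (4_000, 4_000, 4_000, 1_000, 1_000, 9_000):
        out.append(lim.check("user-a", size)[1])
        t[0] += 1
    t[0] = 61.0  # the two 4,000-byte uploads have left the window
    out.append(lim.check("user-a", 4_000)[1])
    return out
```

A rejected request would map to HTTP 429 with `Retry-After` set from the third return value; state kept in process memory like this has to move to a shared store when more than one application node accepts uploads.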
Exploit
Fix
Allocation of Resources Without Limits
Weakness Enumeration
Related Identifiers
Affected Products
Aris