Home

Description

A low privileged remote attacker can run the webshell with an empty command containing whitespace. The server will then block until it receives more data, resulting in a DoS condition of the websserver.

PUBLISHED Reserved 2025-04-16 | Published 2025-12-09 | Updated 2025-12-09 | Assigner CERTVDE




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-770 Allocation of Resources Without Limits or Throttling

Product status

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Default status
unaffected

0.0.0 (semver) before 3.50
affected

Credits

D. Blagojevic, S. Dietz, F. Koroknai, T. Weber from CyberDanube finder

References

certvde.com/de/advisories/VDE-2025-071

cve.org (CVE-2025-41694)

nvd.nist.gov (CVE-2025-41694)

Download JSON