CVE-2025-7579 | THREATINT

Description

A vulnerability was found in chinese-poetry 0.1. It has been rated as problematic. This issue affects some unknown processing of the file rank/server.js. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Eine Schwachstelle wurde in chinese-poetry 0.1 ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei rank/server.js. Mittels dem Manipulieren mit unbekannten Daten kann eine inefficient regular expression complexity-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.

Reserved 2025-07-13 | Published 2025-07-14 | Updated 2025-07-14 | Assigner VulDB

MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

MEDIUM: 4.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R

4.0AV:N/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR

Problem types

Inefficient Regular Expression Complexity

Resource Consumption

Timeline

2025-07-13:	Advisory disclosed
2025-07-13:	VulDB entry created
2025-07-13:	VulDB entry last update

Credits

DayShift (VulDB User) reporter

References

vuldb.com/?id.316277 (VDB-316277 | chinese-poetry server.js redos) vdb-entry

vuldb.com/?ctiid.316277 (VDB-316277 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/?submit.609704 (Submit #609704 | chinese-poetry <=v0.1 Inefficient Regular Expression Complexity) third-party-advisory

github.com/chinese-poetry/chinese-poetry/issues/396 issue-tracking

github.com/chinese-poetry/chinese-poetry/issues/396 exploit issue-tracking

cve.org (CVE-2025-7579)

nvd.nist.gov (CVE-2025-7579)

Download JSON