CVE-2025-66838

Medium CVSS: 6.5

In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustion such as disk space depletion, increased server load, or degraded performance

Vendor

Softwareag

Product

Aris

CWE

CWE-770

Yayın Tarihi

2026-01-07 16:15:51

Güncelleme

2026-01-21 22:06:28

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-770 Aris MEDIUM Softwareag 2026

Referanslar

https://github.com/saykino/CVE-2025-66838/ https://www.softwareag.com/