CVE-2025-6998

High CVSS: 8.7

ReDoS in strip_whitespaces() function in cps/string_helper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1.

Vendor

Product

CWE

CWE-1333

Yayın Tarihi

2025-07-24 20:15:27

Güncelleme

2025-07-25 15:29:19

Source Identifier

help@fluidattacks.com

KEV Date Added

Kategoriler

CWE-1333 HIGH 2025

Referanslar

https://fluidattacks.com/advisories/megadeth https://github.com/gelbphoenix/autocaliweb https://github.com/janeczku/calibre-web