CVE-2025-9648 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A vulnerability in the CivetWeb library's function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS) condition. By sending a s…
High CVSS: 8.7

CVE-2025-9648

A vulnerability in the CivetWeb library's function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS) condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multiple malicious requests will result in complete CPU exhaustion and render the service unresponsive to further requests.

This issue was fixed in commit 782e189. This issue affects only the library, standalone executable pre-built by vendor is not affected.
Vendor
-
Product
-
CWE
CWE-158
Yayın Tarihi
2025-09-29 12:15:49
Güncelleme
2025-09-29 19:34:10
Source Identifier
cvd@cert.pl
KEV Date Added
-

Kategoriler

CWE-158 HIGH 2025

Referanslar

https://cert.pl/en/posts/2025/09/CVE-2025-9648 https://github.com/civetweb/civetweb https://github.com/civetweb/civetweb/commit/782e18903515f43bafbf2e668994e82bdfa51133 https://github.com/civetweb/civetweb/issues/1348