CVE-2025-27911

Published: Mar 11, 2025Modified: Oct 10, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: MITRE (Secondary)

Description

An issue was discovered in Datalust Seq before 2024.3.13545. Expansion of identifiers in message templates can be used to bypass the system "Event body limit bytes" setting, leading to increased resource consumption. With sufficiently large events, there can be disk space exhaustion (if saved to disk) or a termination of the server process with an out-of-memory error.

Affected (1)

Products: Datalust: Seq

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Datalust Seq	Before 2024.3.13545

Related CWEs

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (2)

https://datalust.co/seq

Source: cve@mitre.org

Product

https://github.com/datalust/seq-tickets/issues/2365

Source: cve@mitre.org

Issue TrackingVendor Advisory

Timeline

No history available yet.