CVE-2025-41707

Published: Oct 14, 2025Modified: Nov 3, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Exploitability: 3.9 / Impact: 1.4

Source: info@cert.vde.com (Secondary)

Description

The websocket handler is vulnerable to a denial of service condition. An unauthenticated remote attacker can send a crafted websocket message to trigger the issue without affecting the core functionality.

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://certvde.com/de/advisories/VDE-2025-072

Source: info@cert.vde.com

http://seclists.org/fulldisclosure/2025/Oct/12

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.