← Back

CVE-2025-66838

nvd nist
Published: Jan 7, 2026Modified: Jan 21, 2026

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 / Impact: 3.6
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustion such as disk space depletion, increased server load, or degraded performance

Affected (1)

Products: Softwareag: Aris
Softwareag
1 product
Aris
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Aris
Up to 10.0.23.0.3587512

Related CWEs

CWE-770
Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (2)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Product

Timeline

No history available yet.