CVE-2025-13901
Essential information
- Published
- 10/03/2026 19:17
- Modified
- —
- Author
- The MITRE Corporation
- Creator
- The MITRE Corporation
- CVSS
- 5.3 MEDIUM (v3.1) 6.9 MEDIUM (v4.0)
- CISA KEV
- No
- CWE
- CWE-404
- EPSS (First)
- P37.9% EPSS percentile: rank of this vulnerability versus all others. Higher percentile = more likely to be exploited. Learn more (score 0.00484)
- CVSS vector
-
—
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Privileges required
- NONE
- User interaction
- NONE
- Scope
- UNCHANGED
- Confidentiality impact
- NONE
- Integrity impact
- NONE
- Availability impact
- LOW
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Attack requirements
- NONE
- Privileges required
- NONE
- User interaction
- NONE
- Confidentiality (V)
- NONE
- Confidentiality (S)
- NONE
- Integrity (V)
- NONE
- Integrity (S)
- NONE
- Availability (V)
- LOW
- Availability (S)
- NONE
- Exploit maturity
- —
Description
CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unauthenticated attacker sends malicious payload to occupy active communication channels.
NVD status
- NVD
- View on NVD