216.73.217.98

CVE-2025-1695

· Published 04/03/2025 01:15 · Modified 05/03/2025 15:19

Labels: CVE-2025-1695 2025-03-04CVE-2025-1695CWE-835[email protected]

Essential information

Published
04/03/2025 01:15
Modified
05/03/2025 15:19
Author
Creator
CVSS
5.3 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS metrics

Description

In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service (DoS).  There is no control plane exposure; this is a data plane issue only.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
f5 / nginx cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*

References