216.73.216.197

CVE-2025-35432

· Published 17/09/2025 17:15 · Modified 18/09/2025 13:43

Labels: CVE-2025-35432 2025-09-179119a7d8-5eab-497f-8521-727c672e3725CVE-2025-35432CWE-400

Essential information

Published
17/09/2025 17:15
Modified
18/09/2025 13:43
Author
Creator
CVSS
6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

CISA Thorium does not rate limit requests to send account verification email messages. A remote unauthenticated attacker can send unlimited messages to a user who is pending verification. Fixed in 1.1.1 by adding a rate limit set by default to 10 minutes.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
9119a7d8-5eab-497f-8521-727c672e3725
NVD
View on NVD

Affected products (CPE)

ProductCPE
cisa / thorium cpe:2.3:a:cisa:thorium:1.1.1:*:*:*:*:*:*:*

References