CVE-2025-32952

EPSS 0.56%
Veröffentlicht 22.04.2025 17:32:11
Zuletzt bearbeitet 31.12.2025 15:55:53
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

io.jmix.localfs:jmix-localfs affected by DoS in the Local File Storage

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. This issue has been patched in versions 1.6.2 and 2.4.0. A workaround is provided on the Jmix documentation website.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

NVD 5 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Haulmont ≫ Cuba Platform Version >= 6.2.0 < 7.2.23

Haulmont ≫ Cuba Rest Api Version >= 7.1.1 < 7.2.7

Haulmont ≫ Jmix Framework Version >= 1.0.0 < 1.6.2

Haulmont ≫ Jmix Framework Version >= 2.0.0 < 2.4.0

Haulmont ≫ Jpa Web Api Version >= 1.0.0 < 1.1.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.56%	0.423

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://docs.jmix.io/jmix/files-vulnerabilities.html

Vendor Advisory

https://docs.jmix.io/jmix/files-vulnerabilities.html#disable-files-endpoint-in-jmix-application

Vendor Advisory

https://github.com/jmix-framework/jmix/security/advisories/GHSA-f3gv-cwwh-758m

Patch

Vendor Advisory

https://github.com/jmix-framework/jmix/commit/6a66aa3adb967159a30d703e80403406f4c8f7a2

Patch

https://github.com/jmix-framework/jmix/commit/c589ef4e2b25620770b8036f4ad05f1a6250cb6a

Patch

https://github.com/jmix-framework/jmix/commit/cc97e6ff974b9e7af8160fab39cc5866169daa37

Patch

https://github.com/jmix-framework/jmix/commit/f4e6fb05bd245cf36f3e9319aaa0fcd540d024aa

Patch

https://github.com/jmix-framework/jmix/issues/3804

Issue Tracking

https://github.com/jmix-framework/jmix/issues/3836

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2025-32952

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-32952

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-32952

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-32952