CVE-2025-4215

Exploit

EPSS 0.13%
Published 02.05.2025 20:31:05
Last modified 17.06.2025 14:17:53
Source cna@vuldb.com
Teams watchlist Login
Open Login

A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.63.3b17 is able to address this issue. The patch is identified as eaedaf5b10d2f7857c6b77fbf7d4a80681d4d46c. It is recommended to upgrade the affected component.

Affected products Warnungen 0 Metrics 5 CWE 2 References 9

Data is provided by the National Vulnerability Database (NVD)

Ublockorigin ≫ Ublock Origin Version < 1.63.3

Ublockorigin ≫ Ublock Origin Version1.63.3 Updatebeta1

Ublockorigin ≫ Ublock Origin Version1.63.3 Updatebeta10

Ublockorigin ≫ Ublock Origin Version1.63.3 Updatebeta11

Ublockorigin ≫ Ublock Origin Version1.63.3 Updatebeta12

Ublockorigin ≫ Ublock Origin Version1.63.3 Updatebeta13

Ublockorigin ≫ Ublock Origin Version1.63.3 Updatebeta14

Ublockorigin ≫ Ublock Origin Version1.63.3 Updatebeta15

Ublockorigin ≫ Ublock Origin Version1.63.3 Updatebeta16

Ublockorigin ≫ Ublock Origin Version1.63.3 Updatebeta2

Ublockorigin ≫ Ublock Origin Version1.63.3 Updatebeta3

Ublockorigin ≫ Ublock Origin Version1.63.3 Updatebeta4

Ublockorigin ≫ Ublock Origin Version1.63.3 Updatebeta5

Ublockorigin ≫ Ublock Origin Version1.63.3 Updatebeta6

Ublockorigin ≫ Ublock Origin Version1.63.3 Updatebeta7

Ublockorigin ≫ Ublock Origin Version1.63.3 Updatebeta8

Ublockorigin ≫ Ublock Origin Version1.63.3 Updatebeta9

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.13%	0.334

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com	2.3	0	0	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	3.1	1.6	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
cna@vuldb.com	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:N/I:N/A:P

CWE-1333 Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://vuldb.com/?id.307194

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.307194

VDB Entry

Permissions Required

https://vuldb.com/?submit.562301

Third Party Advisory

VDB Entry

https://github.com/gorhill/uBlock/commit/eaedaf5b10d2f7857c6b77fbf7d4a80681d4d46c

Patch

Exploit