CVE-2025-4444

EPSS 0.06%
Veröffentlicht 18.09.2025 13:58:52
Zuletzt bearbeitet 19.09.2025 16:00:27
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered difficult. Upgrading to version 0.4.8.18 and 0.4.9.3-alpha is recommended to address this issue. It is recommended to upgrade the affected component.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellern/a

≫

Produkt Tor

Version 0.4.7.0

Status affected

Version 0.4.7.1

Status affected

Version 0.4.7.2

Status affected

Version 0.4.7.3

Status affected

Version 0.4.7.4

Status affected

Version 0.4.7.5

Status affected

Version 0.4.7.6

Status affected

Version 0.4.7.7

Status affected

Version 0.4.7.8

Status affected

Version 0.4.7.9

Status affected

Version 0.4.7.10

Status affected

Version 0.4.7.11

Status affected

Version 0.4.7.12

Status affected

Version 0.4.7.13

Status affected

Version 0.4.7.14

Status affected

Version 0.4.7.15

Status affected

Version 0.4.7.16

Status affected

Version 0.4.8.0

Status affected

Version 0.4.8.1

Status affected

Version 0.4.8.2

Status affected

Version 0.4.8.3

Status affected

Version 0.4.8.4

Status affected

Version 0.4.8.5

Status affected

Version 0.4.8.6

Status affected

Version 0.4.8.7

Status affected

Version 0.4.8.8

Status affected

Version 0.4.8.9

Status affected

Version 0.4.8.10

Status affected

Version 0.4.8.11

Status affected

Version 0.4.8.12

Status affected

Version 0.4.8.13

Status affected

Version 0.4.8.14

Status affected

Version 0.4.8.15

Status affected

Version 0.4.8.16

Status affected

Version 0.4.8.17

Status affected

Version 0.4.8.18

Status unaffected

Version 0.4.9.3-alpha

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.175

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com	6.3	0	0	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:N/I:N/A:P

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

https://vuldb.com/?id.324814

https://vuldb.com/?ctiid.324814

https://vuldb.com/?submit.640605

https://github.com/chunmianwang/Tordos

https://gitlab.torproject.org/tpo/core/tor/-/raw/release-0.4.8/ReleaseNotes

https://forum.torproject.org/t/alpha-and-stable-release-0-4-8-18-and-0-4-9-3-alpha/20578

https://nvd.nist.gov/vuln/detail/CVE-2025-4444

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-4444

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-4444

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-4444