CVE-2025-66902

Exploit

EPSS 0.07%
Veröffentlicht 20.01.2026 00:00:00
Zuletzt bearbeitet 30.01.2026 20:21:29
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An input validation issue in in Pithikos websocket-server v.0.6.4 allows a remote attacker to obtain sensitive information or cause unexpected server behavior via the websocket_server/websocket_server.py, WebSocketServer._message_received components.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pithikos ≫ Websocket Server Version0.6.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.2

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://github.com/cyberinvest211/websocket-server-vuln-poc/tree/main

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2025-66902

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-66902

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-66902

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-66902