Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-14310

Summary
Assigner-GovTech CSG
Assigner Org ID-1a37b84a-8e51-4525-b3d6-87e2fae01dbd
Published At-09 Dec, 2025 | 07:54
Updated At-09 Dec, 2025 | 14:36
Rejected At-
Credits

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in rethinkdb.This issue affects rethinkdb: before 2.4.4.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GovTech CSG
Assigner Org ID:1a37b84a-8e51-4525-b3d6-87e2fae01dbd
Published At:09 Dec, 2025 | 07:54
Updated At:09 Dec, 2025 | 14:36
Rejected At:
▼CVE Numbering Authority (CNA)

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in rethinkdb.This issue affects rethinkdb: before 2.4.4.

Affected Products
Vendor
rethinkdb
Product
rethinkdb
Default Status
unaffected
Versions
Affected
  • From 0 before 2.4.4 (git)
Problem Types
TypeCWE IDDescription
CWECWE-120CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Type: CWE
CWE ID: CWE-120
Description: CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Metrics
VersionBase scoreBase severityVector
4.09.3CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
TITAN Team (titancaproject@gmail.com)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/rethinkdb/rethinkdb/pull/7163
patch
Hyperlink: https://github.com/rethinkdb/rethinkdb/pull/7163
Resource:
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve_disclosure@tech.gov.sg
Published At:09 Dec, 2025 | 16:17
Updated At:09 Dec, 2025 | 18:37

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in rethinkdb.This issue affects rethinkdb: before 2.4.4.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.09.3CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 9.3
Base severity: CRITICAL
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-120Secondarycve_disclosure@tech.gov.sg
CWE ID: CWE-120
Type: Secondary
Source: cve_disclosure@tech.gov.sg
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/rethinkdb/rethinkdb/pull/7163cve_disclosure@tech.gov.sg
N/A
Hyperlink: https://github.com/rethinkdb/rethinkdb/pull/7163
Source: cve_disclosure@tech.gov.sg
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

5Records found
CVE-2026-24810
Matching Score-6
Assigner-Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
ShareView Details
Matching Score-6
Assigner-Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
CVSS Score-10||CRITICAL
EPSS-0.06% / 18.77%
||
7 Day CHG~0.00%
Published-27 Jan, 2026 | 08:47
Updated-27 Jan, 2026 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
A buffer overflow in rethinkdb/rethinkdb

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in rethinkdb (src/cjson modules). This vulnerability is associated with program files cJSON.Cc. This issue affects rethinkdb: through v2.4.4.

Action-Not Available
Vendor-rethinkdb
Product-rethinkdb
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-0960
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-9.3||CRITICAL
EPSS-0.89% / 75.33%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 19:34
Updated-04 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AutomationDirect C-more EA9 HMI Classic Buffer Overflow

AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which could result in an attacker abusing the function to cause a denial-of-service condition or achieving remote code execution on the affected device.

Action-Not Available
Vendor-AutomationDirect
Product-C-more EA9 HMI EA9-T6CLC-more EA9 HMI EA9-T10CLC-more EA9 HMI EA9-T15CLC-more EA9 HMI EA9-T12CLC-more EA9 HMI EA9-RHMIC-more EA9 HMI EA9-T7CL-RC-more EA9 HMI EA9-T7CLC-more EA9 HMI EA9-T8CLC-more EA9 HMI EA9-T10WCLC-more EA9 HMI EA9-T15CL-R
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-8760
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-0.18% / 40.31%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 06:14
Updated-13 Aug, 2025 | 17:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
INSTAR 2K+/4K fcgi_server base64_decode buffer overflow

A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. This affects the function base64_decode of the component fcgi_server. The manipulation of the argument Authorization leads to buffer overflow. It is possible to initiate the attack remotely.

Action-Not Available
Vendor-INSTAR
Product-4K2K+
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-5408
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-9.3||CRITICAL
EPSS-0.17% / 38.27%
||
7 Day CHG+0.02%
Published-01 Jun, 2025 | 21:31
Updated-02 Jun, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WAVLINK WL-WN576K1 HTTP POST Request login.cgi sys_login buffer overflow

A vulnerability was found in WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 up to V1410_240222 and classified as critical. Affected by this issue is the function sys_login of the file /cgi-bin/login.cgi of the component HTTP POST Request Handler. The manipulation of the argument login_page leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-WAVLINK Technology Ltd.
Product-WL-WN532A3QUANTUM D3GWL-WN530HG3QUANTUM D2GWL-WN576K1WL-WN530G3A
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-12373
Matching Score-4
Assigner-Rockwell Automation
ShareView Details
Matching Score-4
Assigner-Rockwell Automation
CVSS Score-9.3||CRITICAL
EPSS-0.27% / 50.30%
||
7 Day CHG~0.00%
Published-18 Dec, 2024 | 15:38
Updated-18 Dec, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation PowerMonitor™ 1000 Denial of Service

A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-PM1k 1408-EM2A-485PM1k 1408-EM3A-ENTPM1k 1408-EM2A-ENTPM1k 1408-BC3A-ENTPM1k 1408-TS3A-485PM1k 1408-EM1A-ENTPM1k 1408-BC3A-485PM1k 1408-TR2A-ENTPM1k 1408-TR2A-485PM1k 1408-TR1A-ENTPM1k 1408-TS3A-ENTPM1k 1408-EM3A-485PM1k 1408-EM1A-485PM1k 1408-TR1A-485
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Details not found