Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-50057

Summary
Assigner-Joomla
Assigner Org ID-6ff30186-7fb7-4ad9-be33-533e7b05e586
Published At-18 Jul, 2025 | 09:51
Updated At-20 Jul, 2025 | 08:52
Rejected At-
Credits

Extension - rsjoomla.com - DOS vulnerability RSFiles! component 1.16.3-1.17.7 for Joomla

A DOS vulnerability in RSFiles! component 1.16.3-1.17.7 Joomla was discovered. The issue allows unauthenticated remote attackers to deny access to service via the search feature.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Joomla
Assigner Org ID:6ff30186-7fb7-4ad9-be33-533e7b05e586
Published At:18 Jul, 2025 | 09:51
Updated At:20 Jul, 2025 | 08:52
Rejected At:
▼CVE Numbering Authority (CNA)
Extension - rsjoomla.com - DOS vulnerability RSFiles! component 1.16.3-1.17.7 for Joomla

A DOS vulnerability in RSFiles! component 1.16.3-1.17.7 Joomla was discovered. The issue allows unauthenticated remote attackers to deny access to service via the search feature.

Affected Products
Vendor
rsjoomla.com
Product
RSFiles! component for Joomla
Package Name
com_rsfiles
Default Status
unaffected
Versions
Affected
  • 1.16.3-1.17.7
Problem Types
TypeCWE IDDescription
CWECWE-400CWE-400 Uncontrolled Resource Consumption
Type: CWE
CWE ID: CWE-400
Description: CWE-400 Uncontrolled Resource Consumption
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Kamil Szczurowski
finder
Robert Kruczek
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://rsjoomla.com/
product
Hyperlink: https://rsjoomla.com/
Resource:
product
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@joomla.org
Published At:18 Jul, 2025 | 10:15
Updated At:22 Jul, 2025 | 13:06

A DOS vulnerability in RSFiles! component 1.16.3-1.17.7 Joomla was discovered. The issue allows unauthenticated remote attackers to deny access to service via the search feature.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-400Primarysecurity@joomla.org
CWE ID: CWE-400
Type: Primary
Source: security@joomla.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://rsjoomla.com/security@joomla.org
N/A
Hyperlink: https://rsjoomla.com/
Source: security@joomla.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

9Records found
CVE-2024-10599
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.94% / 75.30%
||
7 Day CHG+0.14%
Published-31 Oct, 2024 | 21:31
Updated-04 Nov, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tongda OA 2017 package_static_resources.php resource consumption

A vulnerability, which was classified as problematic, has been found in Tongda OA 2017 up to 11.7. This issue affects some unknown processing of the file /inc/package_static_resources.php. The manipulation leads to resource consumption. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-tongda2000Tongdatongda
Product-office_anywhereOA 2017oa_2017
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-54572
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.32%
||
7 Day CHG~0.00%
Published-30 Jul, 2025 | 14:05
Updated-31 Jul, 2025 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ruby SAML DOS vulnerability with large SAML response

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64 format prior to checking the message size, leading to potential resource exhaustion. This is fixed in version 1.18.1.

Action-Not Available
Vendor-SAML-Toolkits
Product-ruby-saml
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-2833
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.13% / 33.92%
||
7 Day CHG-0.06%
Published-27 Mar, 2025 | 04:00
Updated-01 Apr, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
zhangyd-c OneBlog HTTP Header redos

A vulnerability was found in zhangyd-c OneBlog up to 2.3.9. It has been classified as problematic. Affected is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-zhydzhangyd-c
Product-oneblogOneBlog
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-23814
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-6.9||MEDIUM
EPSS-0.20% / 42.48%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 10:28
Updated-10 Jul, 2025 | 10:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The integrated ICMP service of the network stack of affected devices can be forced to exhaust its available memory resources when receiving specially crafted messages targeting IP fragment re-assembly. This could allow an unauthenticated remote attacker to cause a temporary denial of service condition of the ICMP service, other communication services are not affected. Affected devices will resume normal operation after the attack terminates.

Action-Not Available
Vendor-Siemens AG
Product-SIPLUS S7-1200 CPU 1212 AC/DC/RLYSIMATIC S7-300 CPU 315-2 PN/DPSIMATIC S7-300 CPU 315F-2 PN/DPSIMATIC S7-300 CPU 319F-3 PN/DPSIMATIC ET 200SP CPU 1512SP F-1 PNSIMATIC TDC CPU555SIPLUS S7-1200 CPU 1214FC DC/DC/DCSIMATIC ET 200pro IM 154-4 PN HFSIPLUS S7-1200 CPU 1215FC DC/DC/DCSIMATIC S7-300 CPU 314C-2 PN/DPSIPLUS ET 200SP IM 155-6 PN HF TX RAILSIMATIC S7-300 CPU 317F-2 PN/DPSIWAREX WP241SIPLUS S7-1200 CPU 1215 AC/DC/RLYSIMATIC ET 200SP IM 155-6 PN HFSIPLUS ET 200S IM151-3 PN HFSIPLUS ET 200SP CPU 1512SP F-1 PNSIMATIC S7-1200 CPU 1211C DC/DC/DCSIMATIC ET 200AL IM 157-1 PNSIMATIC S7-410 V10 CPU family (incl. SIPLUS variants)SIPLUS S7-300 CPU 315F-2 PN/DPSIMATIC S7-300 CPU 319-3 PN/DPSIMATIC ET 200SP IM 155-6 PN/2 HFSIMATIC S7-1500 CPU 1513-1 PNSIDOOR ATD430WSIPLUS ET 200S IM 151-8F PN/DP CPUSIMATIC S7-1500 CPU 1511-1 PNSIMATIC ET 200S IM 151-3 PN FOSIMATIC S7-300 CPU 315T-3 PN/DPSIMATIC S7-1200 CPU 1215C DC/DC/DCSIPLUS NET PN/PN CouplerSIPLUS ET 200SP IM 155-6 PN ST BA TX RAILSIMATIC ET 200SP IM 155-6 PN ST BASIMATIC ET 200MP IM 155-5 PN STSIMATIC S7-1200 CPU 1212C AC/DC/RlySIMATIC ET 200SP CPU 1512SP-1 PNSIWAREX WP521 STSIMATIC ET 200S IM 151-8 PN/DP CPUSIMATIC Power Line Booster PLB, Modem Module STSIPLUS ET 200SP IM 155-6 PN ST BASIMATIC CFU DIQSIPLUS HCS4200 CIM4210CSINUMERIK 840D slSIMATIC S7-1200 CPU 1212C DC/DC/DCSIMATIC S7-1500 CPU 1516F-3 PN/DPSIPLUS ET 200M IM 153-4 PN IO STSIPLUS HCS4300 CIM4310SIPLUS S7-1200 CPU 1214 DC/DC/DCSIPLUS S7-1500 CPU 1511-1 PNSIMATIC ET 200SP IM 155-6 PN BASIMATIC S7-300 CPU 317T-3 PN/DPSIPLUS ET 200SP IM 155-6 PN HFSIPLUS ET 200MP IM 155-5 PN HF T1 RAILSIPLUS S7-300 CPU 317F-2 PN/DPSIMATIC PN/PN CouplerSIPLUS S7-1500 CPU 1516-3 PN/DPSIMATIC S7-1200 CPU 1214FC DC/DC/RlySIMATIC ET 200M IM 153-4 PN IO HFSIPLUS S7-300 CPU 317-2 PN/DPSIMATIC ET 200pro IM 154-3 PN HFSIPLUS ET 200M IM 153-4 PN IO HFSIPLUS ET 200MP IM 155-5 PN ST TX RAILSIMATIC S7-1200 CPU 1214C AC/DC/RlySIPLUS ET 200S IM 151-8 PN/DP CPUSIMATIC ET 200pro IM 154-8FX PN/DP CPUSIMATIC ET 200S IM 151-3 PN STSIMATIC CFU PASIPLUS S7-1200 CPU 1212C DC/DC/DC RAILSIPLUS S7-1200 CPU 1212C DC/DC/DCSIMATIC ET 200MP IM 155-5 PN BASIDOOR ATE530S COATEDSIPLUS S7-1200 CPU 1215 DC/DC/DCSIPLUS S7-1500 CPU 1516F-3 PN/DPSIPLUS S7-1200 CPU 1214 DC/DC/RLYSIPLUS S7-1200 CPU 1214 AC/DC/RLYSIMATIC S7-1500 CPU 1515F-2 PNSIPLUS S7-1200 CPU 1214FC DC/DC/RLYSIPLUS S7-1200 CPU 1212 DC/DC/RLYSIMATIC S7-1500 CPU 1513F-1 PNSIMOCODE pro V PROFINETSIWAREX WP522 STSIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants)SIMATIC ET 200S IM 151-3 PN HSSIMATIC S7-1200 CPU 1212FC DC/DC/DCSIPLUS HCS4200 CIM4210SIMATIC S7-1200 CPU 1212FC DC/DC/RlySIMATIC S7-1200 CPU 1215C DC/DC/RlySIMATIC ET 200S IM 151-8F PN/DP CPUSIMATIC ET 200pro IM 154-8 PN/DP CPUSIMOCODE pro V Ethernet/IP (incl. SIPLUS variants)SIPLUS S7-1500 CPU 1513-1 PNSIMATIC S7-1200 CPU 1212C DC/DC/RlySIMATIC S7-1200 CPU 1215FC DC/DC/RlySIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants)SIPLUS S7-1200 CPU 1215 DC/DC/RLYSIMATIC Power Line Booster PLB, Base ModuleSIMATIC S7-1500 CPU 1511F-1 PNSIMATIC S7-300 CPU 317TF-3 PN/DPSIMATIC ET 200S IM 151-3 PN HFSIPLUS S7-1200 CPU 1214C DC/DC/DC RAILSIWAREX WP251SIMATIC TDC CP51M1SIPLUS S7-300 CPU 315-2 PN/DPSIPLUS S7-300 CPU 314C-2 PN/DPSIMATIC S7-1200 CPU 1211C AC/DC/RlySIPLUS ET 200MP IM 155-5 PN STSIPLUS ET 200SP IM 155-6 PN STSIPLUS S7-1500 CPU 1511F-1 PNSIMATIC ET 200SP CPU 1510SP-1 PNSIMATIC S7-1200 CPU 1215C AC/DC/RlySIMATIC S7-1200 CPU 1214FC DC/DC/DCSIWAREX WP231SIMATIC S7-1200 CPU 1217C DC/DC/DCSIMATIC S7-1500 CPU 1516-3 PN/DPSIDOOR ATE530G COATEDSIMATIC S7-1200 CPU 1214C DC/DC/DCSIPLUS ET 200S IM151-3 PN STSIPLUS S7-1500 CPU 1513F-1 PNSIMATIC S7-1200 CPU 1211C DC/DC/RlySIMATIC S7-1500 CPU 1515-2 PNSIMATIC S7-1200 CPU 1215FC DC/DC/DCSIMATIC ET 200SP IM 155-6 PN/3 HFSIMATIC ET 200SP IM 155-6 PN STSIMATIC ET 200M IM 153-4 PN IO STSIMATIC ET 200MP IM 155-5 PN HFSIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants)SIMATIC S7-1200 CPU 1214C DC/DC/RlySIMATIC S7-300 CPU 317-2 PN/DPSIMATIC ET 200SP IM 155-6 PN HSSIMATIC S7-410 V8 CPU family (incl. SIPLUS variants)SIPLUS S7-1200 CPU 1215C DC/DC/DCSIMATIC ET 200SP IM 155-6 MF HFSIPLUS ET 200SP IM 155-6 PN ST TX RAILSIPLUS ET 200MP IM 155-5 PN HFSIPLUS ET 200SP IM 155-6 PN HF T1 RAILSIMATIC ET 200SP CPU 1510SP F-1 PNSIMATIC ET 200pro IM 154-8F PN/DP CPU
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-0704
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.08% / 23.43%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 18:31
Updated-24 Jan, 2025 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JoeyBling bootplus QrCodeController.java qrCode resource consumption

A vulnerability, which was classified as problematic, was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. Affected is the function qrCode of the file src/main/java/io/github/controller/QrCodeController.java. The manipulation of the argument w/h leads to resource consumption. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Action-Not Available
Vendor-JoeyBling
Product-bootplus
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2024-7567
Matching Score-4
Assigner-Rockwell Automation
ShareView Details
Matching Score-4
Assigner-Rockwell Automation
CVSS Score-6.9||MEDIUM
EPSS-0.18% / 39.72%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:51
Updated-13 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rockwell Automation Micro850/870 Vulnerable to denial-of-service Vulnerability via CIP/Modbus Port

A denial-of-service vulnerability exists via the CIP/Modbus port in the Rockwell Automation Micro850/870 (2080 -L50E/2080 -L70E). If exploited, the CIP/Modbus communication may be disrupted for short duration.

Action-Not Available
Vendor-Rockwell Automation, Inc.
Product-PLC - Micro850/870 (2080 -L50E/2080 -L70E)micro850_firmwaremicro870_firmware
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-33498
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-6.9||MEDIUM
EPSS-0.53% / 66.18%
||
7 Day CHG~0.00%
Published-14 May, 2024 | 10:03
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected applications do not properly release memory that is allocated when handling specifically crafted incoming packets. This could allow an unauthenticated remote attacker to cause a denial of service condition by crashing the service when it runs out of memory. The service is restarted automatically after a short time.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC RTLS Locating Managersimatic_rtls_locating_manager
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-49767
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.60% / 68.53%
||
7 Day CHG~0.00%
Published-25 Oct, 2024 | 19:41
Updated-03 Jan, 2025 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Werkzeug possible resource exhaustion when parsing file data in forms

Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue.

Action-Not Available
Vendor-palletsprojectspalletspalletsprojects
Product-werkzeugquartwerkzeugwerkzeug
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-46891
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-6.9||MEDIUM
EPSS-0.19% / 40.96%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 12:49
Updated-20 Aug, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logged events to exhaust the system's resources and create a denial of service condition.

Action-Not Available
Vendor-Siemens AG
Product-sinec_insSINEC INSsinec_ins
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-400
Uncontrolled Resource Consumption
Details not found