Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-6365

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-20 Jun, 2025 | 20:31
Updated At-23 Jun, 2025 | 15:18
Rejected At-
Credits

HobbesOSR Kitten pgtable.h set_pte_at resource consumption

A vulnerability was found in HobbesOSR Kitten up to c4f8b7c3158983d1020af432be1b417b28686736 and classified as critical. Affected by this issue is the function set_pte_at in the library /include/arch-arm64/pgtable.h. The manipulation leads to resource consumption. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:20 Jun, 2025 | 20:31
Updated At:23 Jun, 2025 | 15:18
Rejected At:
▼CVE Numbering Authority (CNA)
HobbesOSR Kitten pgtable.h set_pte_at resource consumption

A vulnerability was found in HobbesOSR Kitten up to c4f8b7c3158983d1020af432be1b417b28686736 and classified as critical. Affected by this issue is the function set_pte_at in the library /include/arch-arm64/pgtable.h. The manipulation leads to resource consumption. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

Affected Products
Vendor
HobbesOSR
Product
Kitten
Versions
Affected
  • c4f8b7c3158983d1020af432be1b417b28686736
Problem Types
TypeCWE IDDescription
CWECWE-400Resource Consumption
CWECWE-404Denial of Service
Type: CWE
CWE ID: CWE-400
Description: Resource Consumption
Type: CWE
CWE ID: CWE-404
Description: Denial of Service
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X
3.15.7MEDIUM
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:X/RL:X/RC:R
3.05.7MEDIUM
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:X/RL:X/RC:R
2.05.2N/A
AV:A/AC:M/Au:S/C:N/I:N/A:C/E:ND/RL:ND/RC:UR
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X
Version: 3.1
Base score: 5.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:X/RL:X/RC:R
Version: 3.0
Base score: 5.7
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:X/RL:X/RC:R
Version: 2.0
Base score: 5.2
Base severity: N/A
Vector:
AV:A/AC:M/Au:S/C:N/I:N/A:C/E:ND/RL:ND/RC:UR
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
ybdesire (VulDB User)
Timeline
EventDate
Advisory disclosed2025-06-19 00:00:00
VulDB entry created2025-06-19 02:00:00
VulDB entry last update2025-06-19 15:31:09
Event: Advisory disclosed
Date: 2025-06-19 00:00:00
Event: VulDB entry created
Date: 2025-06-19 02:00:00
Event: VulDB entry last update
Date: 2025-06-19 15:31:09
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.313358
vdb-entry
technical-description
https://vuldb.com/?ctiid.313358
signature
permissions-required
https://vuldb.com/?submit.597382
third-party-advisory
https://github.com/HobbesOSR/kitten/issues/17
issue-tracking
Hyperlink: https://vuldb.com/?id.313358
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.313358
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.597382
Resource:
third-party-advisory
Hyperlink: https://github.com/HobbesOSR/kitten/issues/17
Resource:
issue-tracking
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/HobbesOSR/kitten/issues/17
exploit
Hyperlink: https://github.com/HobbesOSR/kitten/issues/17
Resource:
exploit
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:20 Jun, 2025 | 21:15
Updated At:23 Jun, 2025 | 20:16

A vulnerability was found in HobbesOSR Kitten up to c4f8b7c3158983d1020af432be1b417b28686736 and classified as critical. Affected by this issue is the function set_pte_at in the library /include/arch-arm64/pgtable.h. The manipulation leads to resource consumption. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.15.7MEDIUM
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Secondary2.05.2MEDIUM
AV:A/AC:M/Au:S/C:N/I:N/A:C
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 5.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 2.0
Base score: 5.2
Base severity: MEDIUM
Vector:
AV:A/AC:M/Au:S/C:N/I:N/A:C
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-400Secondarycna@vuldb.com
CWE-404Secondarycna@vuldb.com
CWE ID: CWE-400
Type: Secondary
Source: cna@vuldb.com
CWE ID: CWE-404
Type: Secondary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/HobbesOSR/kitten/issues/17cna@vuldb.com
N/A
https://vuldb.com/?ctiid.313358cna@vuldb.com
N/A
https://vuldb.com/?id.313358cna@vuldb.com
N/A
https://vuldb.com/?submit.597382cna@vuldb.com
N/A
https://github.com/HobbesOSR/kitten/issues/17134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
Hyperlink: https://github.com/HobbesOSR/kitten/issues/17
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?ctiid.313358
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?id.313358
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?submit.597382
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://github.com/HobbesOSR/kitten/issues/17
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

8Records found
CVE-2022-3563
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.01% / 1.04%
||
7 Day CHG~0.00%
Published-17 Oct, 2022 | 00:00
Updated-15 Apr, 2025 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux Kernel BlueZ mgmt-tester.c read_50_controller_cap_complete null pointer dereference

A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-Linux Kernel Organization, IncBlueZ
Product-bluezKernel
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2023-1206
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.02% / 3.87%
||
7 Day CHG~0.00%
Published-30 Jun, 2023 | 00:00
Updated-15 Oct, 2024 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.

Action-Not Available
Vendor-n/aFedora ProjectLinux Kernel Organization, IncRed Hat, Inc.
Product-enterprise_linuxlinux_kernelfedoraKernel
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-49722
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.67% / 70.30%
||
7 Day CHG-0.11%
Published-08 Jul, 2025 | 16:58
Updated-23 Aug, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Print Spooler Denial of Service Vulnerability

Uncontrolled resource consumption in Windows Print Spooler Components allows an authorized attacker to deny service over an adjacent network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_server_2022windows_server_2012windows_10_1507windows_11_24h2windows_11_22h2windows_11_23h2windows_server_2022_23h2windows_10_1607windows_10_1809windows_server_2008windows_server_2019windows_server_2025windows_10_21h2windows_server_2016Windows Server 2019Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2012Windows Server 2016Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 10 Version 1607Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2022Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 1507Windows 10 Version 22H2Windows Server 2008 R2 Service Pack 1
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-50121
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.03% / 7.53%
||
7 Day CHG~0.00%
Published-06 Jan, 2024 | 00:00
Updated-17 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service (DoS).

Action-Not Available
Vendor-autelroboticsn/a
Product-evo_nano_drone_firmwareevo_nano_dronen/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-2811
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 7.30%
||
7 Day CHG~0.00%
Published-26 Apr, 2025 | 07:00
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GL.iNet GL-A1300 Slate Plus API redos

A vulnerability was found in GL.iNet GL-A1300 Slate Plus, GL-AR300M16 Shadow, GL-AR300M Shadow, GL-AR750 Creta, GL-AR750S-EXT Slate, GL-AX1800 Flint, GL-AXT1800 Slate AX, GL-B1300 Convexa-B, GL-B3000 Marble, GL-BE3600 Slate 7, GL-E750, GL-E750V2 Mudi, GL-MT300N-V2 Mango, GL-MT1300 Beryl, GL-MT2500 Brume 2, GL-MT3000 Beryl AX, GL-MT6000 Flint 2, GL-SFT1200 Opal, GL-X300B Collie, GL-X750 Spitz, GL-X3000 Spitz AX, GL-XE300 Puli and GL-XE3000 Puli AX 4.x. It has been declared as problematic. This vulnerability affects unknown code of the component API. The manipulation leads to inefficient regular expression complexity. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-GL.iNet
Product-GL-AX1800 FlintGL-E750V2 MudiGL-MT300N-V2 MangoGL-AXT1800 Slate AXGL-X300B CollieGL-B3000 MarbleGL-MT1300 BerylGL-AR750 CretaGL-B1300 Convexa-BGL-MT6000 Flint 2GL-BE3600 Slate 7GL-A1300 Slate PlusGL-MT3000 Beryl AXGL-SFT1200 OpalGL-XE300 PuliGL-MT2500 Brume 2GL-XE3000 Puli AXGL-X3000 Spitz AXGL-AR300M16 ShadowGL-X750 SpitzGL-AR750S-EXT SlateGL-E750GL-AR300M Shadow
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-25207
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.05% / 14.37%
||
7 Day CHG~0.00%
Published-09 Jun, 2025 | 06:12
Updated-09 Jun, 2025 | 18:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rhcl: authpolicy callbacks result in denial of service in authorino severity

The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with developer persona access can add a large number of those callbacks to be executed by Authorino and as the authentication policy is enforced by a single instance of the service, this leada to a Denial of Service in Authorino while processing the post-authorization callbacks.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Connectivity Link 1
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-26472
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.02% / 2.92%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:59
Updated-13 Aug, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled resource consumption for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access.

Action-Not Available
Vendor-n/a
Product-Edge Orchestrator software
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-3533
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.02% / 3.75%
||
7 Day CHG~0.00%
Published-17 Oct, 2022 | 00:00
Updated-15 Apr, 2025 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Linux Kernel BPF usdt.c parse_usdt_arg memory leak

A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects the function parse_usdt_arg of the file tools/lib/bpf/usdt.c of the component BPF. The manipulation of the argument reg_name leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211031.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelKernel
CWE ID-CWE-404
Improper Resource Shutdown or Release
Details not found