NVD Vulnerability Details: CVE-2025-64508
Awaiting Analysis
Source: security-advisories@github.com
Published At: 10 Nov, 2025 | 22:15
Updated At: 12 Nov, 2025 | 16:19

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" (highly compressed brotli streams, such as many zeros) can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the available memory and thus a Denial of Service. This can be done if the `DSN` is known, which it is in many common setups (JavaScript, Mobile Apps). The issue is patched in Bugsink version `2.0.5`. The vulnerability is similar to, but distinct from, another brotli-related problem in Bugsink, GHSA-rrx3-2x4g-mq2h/CVE-2025-64509.

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches

Weaknesses
CWE ID: CWE-770
Type: Primary
Source: security-advisories@github.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
Hyperlink: https://github.com/bugsink/bugsink/commit/3f65544aab3ad5303d97009136640de97b0676a5
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/bugsink/bugsink/pull/266
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/bugsink/bugsink/security/advisories/GHSA-fc2v-vcwj-269v
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/google/brotli/commit/67d78bc41db1a0d03f2e763497748f2f69946627
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/google/brotli/issues/1327
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/google/brotli/issues/1375
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/google/brotli/pull/1234
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/google/brotli/releases/tag/v1.2.0
Source: security-advisories@github.com
Resource: N/A
Change History
0 changes found