Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-9648
Awaiting Analysis
More InfoOfficial Page
Source-cvd@cert.pl
View Known Exploited Vulnerability (KEV) details
Published At-29 Sep, 2025 | 12:15
Updated At-29 Sep, 2025 | 19:34

A vulnerability in the CivetWeb library's function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS) condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multiple malicious requests will result in complete CPU exhaustion and render the service unresponsive to further requests. This issue was fixed in commit 782e189. This issue affects only the library, standalone executable pre-built by vendor is not affected.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.08.7HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 4.0
Base score: 8.7
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-158Primarycvd@cert.pl
CWE ID: CWE-158
Type: Primary
Source: cvd@cert.pl
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://cert.pl/en/posts/2025/09/CVE-2025-9648cvd@cert.pl
N/A
https://github.com/civetweb/civetwebcvd@cert.pl
N/A
https://github.com/civetweb/civetweb/commit/782e18903515f43bafbf2e668994e82bdfa51133cvd@cert.pl
N/A
https://github.com/civetweb/civetweb/issues/1348cvd@cert.pl
N/A
Hyperlink: https://cert.pl/en/posts/2025/09/CVE-2025-9648
Source: cvd@cert.pl
Resource: N/A
Hyperlink: https://github.com/civetweb/civetweb
Source: cvd@cert.pl
Resource: N/A
Hyperlink: https://github.com/civetweb/civetweb/commit/782e18903515f43bafbf2e668994e82bdfa51133
Source: cvd@cert.pl
Resource: N/A
Hyperlink: https://github.com/civetweb/civetweb/issues/1348
Source: cvd@cert.pl
Resource: N/A
Change History
0Changes found

Details not found