Vulnerability details: VCID-c7cx-u73j-k7bx
Vulnerability ID VCID-c7cx-u73j-k7bx
Aliases CVE-2025-25193
GHSA-389x-839f-4rhx
Summary Denial of Service attack on Windows app using Netty

### Summary
An unsafe reading of an environment file could potentially cause a denial of service in Netty. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes.

### Details
A similar issue was previously reported in https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv. This issue was fixed, but the fix was incomplete in that null-bytes were not counted against the input limit.

### PoC
The PoC is the same as for https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv, with the detail that the file should only contain null-bytes; 0x00. When the null-bytes are encountered by the `InputStreamReader`, it will issue replacement characters in its charset decoding, which will fill up the line-buffer in the `BufferedReader.readLine()`, because the replacement character is not a line-break character.

### Impact
Impact is the same as https://github.com/netty/netty/security/advisories/GHSA-xq3w-v528-46rv
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Weaknesses (3)
System Score Found at
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25193.json
epss 0.00073 https://api.first.org/data/v1/epss?cve=CVE-2025-25193
epss 0.0008 https://api.first.org/data/v1/epss?cve=CVE-2025-25193
epss 0.0009 https://api.first.org/data/v1/epss?cve=CVE-2025-25193
epss 0.00103 https://api.first.org/data/v1/epss?cve=CVE-2025-25193
cvssv3.1 5.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-389x-839f-4rhx
cvssv3.1 5.5 https://github.com/netty/netty
generic_textual MODERATE https://github.com/netty/netty
cvssv3.1 5.5 https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386
generic_textual MODERATE https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386
ssvc Track https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386
cvssv3.1 5.5 https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx
cvssv3.1_qr MODERATE https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx
generic_textual MODERATE https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx
ssvc Track https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2025-25193
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2025-25193
cvssv3.1 5.5 https://security.netapp.com/advisory/ntap-20250221-0006
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20250221-0006
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-25193.json
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/netty/netty
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T15:22:08Z/ Found at https://github.com/netty/netty/commit/d1fbda62d3a47835d3fb35db8bd42ecc205a5386
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-11T15:22:08Z/ Found at https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2025-25193
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20250221-0006
Exploit Prediction Scoring System (EPSS)
Percentile 0.22883
EPSS Score 0.00073
Published At July 16, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:12:34.950027+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/02/GHSA-389x-839f-4rhx/GHSA-389x-839f-4rhx.json 36.1.3