CVE-2025-1451

{"id": "CVE-2025-1451", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-20T10:15:53.777", "references": [{"url": "https://huntr.com/bounties/63f5aea4-953b-4b38-9f10-3afe425be1d4", "tags": ["Exploit", "Third Party Advisory"], "source": "security@huntr.dev"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-400"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads. The server does not limit or validate the length of the boundary or the characters appended to it, allowing an attacker to craft requests with excessively long boundaries, leading to resource exhaustion and eventual denial of service (DoS). Despite an attempted patch in commit 483431bb, which blocked hyphen characters from being appended to the multipart boundary, the fix is insufficient. The server remains vulnerable if other characters (e.g., '4', 'a') are used instead of hyphens. This allows attackers to exploit the vulnerability using different characters, causing resource exhaustion and service unavailability."}, {"lang": "es", "value": "Una vulnerabilidad en parisneo/lollms-webui v13 surge de la gesti\u00f3n de los l\u00edmites multiparte por parte del servidor al subir archivos. El servidor no limita ni valida la longitud del l\u00edmite ni los caracteres a\u00f1adidos, lo que permite a un atacante manipular solicitudes con l\u00edmites excesivamente largos, lo que provoca el agotamiento de recursos y, finalmente, una denegaci\u00f3n de servicio (DoS). A pesar de un parche en el commit 483431bb, que imped\u00eda a\u00f1adir guiones al l\u00edmite multiparte, la soluci\u00f3n es insuficiente. El servidor sigue siendo vulnerable si se utilizan otros caracteres (p. ej., '4', 'a') en lugar de guiones. Esto permite a los atacantes explotar la vulnerabilidad utilizando caracteres diferentes, lo que provoca el agotamiento de recursos y la indisponibilidad del servicio."}], "lastModified": "2025-03-27T15:40:03.640", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lollms:lollms_web_ui:13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33B0BD9C-2312-401C-9E7F-C3E614A336A3"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}