CWE-754
Allowed-with-ReviewImproper Check for Unusual or Exceptional Conditions
Abstraction: Class · Status: Incomplete
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.
905 vulnerabilities reference this CWE, most recent first.
CVE-2025-12657 (GCVE-0-2025-12657)
Vulnerability from cvelistv5 – Published: 2025-11-03 21:03 – Updated: 2025-11-03 21:26- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| Vendor | Product | Version | |
|---|---|---|---|
| MongoDB Inc. | MongoDB Server |
Affected:
6.0 , < 7.0.22
(custom)
Affected: 8.0 , < 8.0.10 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12657",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-03T21:26:08.110525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T21:26:22.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MongoDB Server",
"vendor": "MongoDB Inc.",
"versions": [
{
"lessThan": "7.0.22",
"status": "affected",
"version": "6.0",
"versionType": "custom"
},
{
"lessThan": "8.0.10",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003c/p\u003e\u003c/b\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can result in read access violations."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T21:03:25.384Z",
"orgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"shortName": "mongodb"
},
"references": [
{
"url": "https://jira.mongodb.org/browse/SERVER-101230"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Malformed KMIP response may result in access violation",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a39b4221-9bd0-4244-95fc-f3e2e07f1deb",
"assignerShortName": "mongodb",
"cveId": "CVE-2025-12657",
"datePublished": "2025-11-03T21:03:25.384Z",
"dateReserved": "2025-11-03T20:49:39.746Z",
"dateUpdated": "2025-11-03T21:26:22.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12387 (GCVE-0-2025-12387)
Vulnerability from cvelistv5 – Published: 2026-01-27 11:57 – Updated: 2026-01-27 13:37- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| URL | Tags |
|---|---|
| https://cert.pl/en/posts/2026/01/CVE-2025-12386 | third-party-advisory |
| https://www.pix-link.com/lv-wr21q | product |
| https://github.com/wcyb/security_research | exploit |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12387",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T13:36:58.661274Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T13:37:05.698Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "LV-WR21Q",
"vendor": "Pix-Link",
"versions": [
{
"status": "affected",
"version": "V108_108",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "WR21Q",
"vendor": "Pix-Link",
"versions": [
{
"status": "affected",
"version": "V108_108",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Wojciech Cybowski"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the Pix-Link LV-WR21Q router\u0027s language module allows remote attackers to trigger a denial of service (DoS) by sending a specially crafted HTTP POST request containing non-existing language parameter. This renders the server unable to serve correct \u003ctt\u003elang.js\u003c/tt\u003e file, which causes administrator panel to not work, resulting in DoS until the language settings is reverted to a correct value. The Denial of Service affects only the administrator panel and does not affect other router functionalities.\u003cbr\u003e\u003cbr\u003eThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version V108_108 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.\u003cbr\u003e"
}
],
"value": "A vulnerability in the Pix-Link LV-WR21Q router\u0027s language module allows remote attackers to trigger a denial of service (DoS) by sending a specially crafted HTTP POST request containing non-existing language parameter. This renders the server unable to serve correct lang.js file, which causes administrator panel to not work, resulting in DoS until the language settings is reverted to a correct value. The Denial of Service affects only the administrator panel and does not affect other router functionalities.\n\nThe vendor was notified early about this vulnerability, but didn\u0027t respond with the details of vulnerability or vulnerable version range. Only version V108_108 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T11:58:39.702Z",
"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"shortName": "CERT-PL"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://cert.pl/en/posts/2026/01/CVE-2025-12386"
},
{
"tags": [
"product"
],
"url": "https://www.pix-link.com/lv-wr21q"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/wcyb/security_research"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Denial of Service in Pix-Link LV-WR21Q",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
"assignerShortName": "CERT-PL",
"cveId": "CVE-2025-12387",
"datePublished": "2026-01-27T11:57:55.609Z",
"dateReserved": "2025-10-28T12:02:33.768Z",
"dateUpdated": "2026-01-27T13:37:05.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11925 (GCVE-0-2025-11925)
Vulnerability from cvelistv5 – Published: 2025-10-17 19:56 – Updated: 2025-10-17 20:25- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| Vendor | Product | Version | |
|---|---|---|---|
| Azure Access Technology | BLU-IC2 |
Affected:
0 , ≤ 1.19.5
(semver)
|
|
| Azure Access Technology | BLU-IC4 |
Affected:
0 , ≤ 1.19.5
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11925",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-17T20:25:16.511733Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T20:25:34.271Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "BLU-IC2",
"vendor": "Azure Access Technology",
"versions": [
{
"lessThanOrEqual": "1.19.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "BLU-IC4",
"vendor": "Azure Access Technology",
"versions": [
{
"lessThanOrEqual": "1.19.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kevin Schaller"
},
{
"lang": "en",
"type": "finder",
"value": "Benjamin Lafois"
},
{
"lang": "en",
"type": "finder",
"value": "Alexi Bitsios"
},
{
"lang": "en",
"type": "finder",
"value": "Sebastian Toscano"
},
{
"lang": "en",
"type": "finder",
"value": "Dominik Schneider"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Content-Type header in one of the APIs (`text/html` instead of `application/json`) replies may potentially allow injection of HTML/JavaScript into reply.\u003cp\u003eThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.\u003c/p\u003e"
}
],
"value": "Incorrect Content-Type header in one of the APIs (`text/html` instead of `application/json`) replies may potentially allow injection of HTML/JavaScript into reply.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5."
}
],
"impacts": [
{
"capecId": "CAPEC-586",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-586 Object Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-17T19:56:14.177Z",
"orgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
"shortName": "azure-access"
},
"references": [
{
"url": "https://azure-access.com/security-advisories"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect Content-Type Header",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a0340c66-c385-4f8b-991b-3d05f6fd5220",
"assignerShortName": "azure-access",
"cveId": "CVE-2025-11925",
"datePublished": "2025-10-17T19:56:14.177Z",
"dateReserved": "2025-10-17T19:54:27.117Z",
"dateUpdated": "2025-10-17T20:25:34.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10937 (GCVE-0-2025-10937)
Vulnerability from cvelistv5 – Published: 2025-10-23 18:24 – Updated: 2025-10-23 19:11- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| Vendor | Product | Version | |
|---|---|---|---|
| Oxford Nano Technologies | MinKNOW |
Affected:
0 , < 24.11
(custom)
Unaffected: 24.11 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10937",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T19:11:30.188272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T19:11:36.103Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MinKNOW",
"vendor": "Oxford Nano Technologies",
"versions": [
{
"lessThan": "24.11",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "24.11"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oxford_nano_technologies:minknow:*:*:*:*:*:*:*:*",
"versionEndExcluding": "24.11",
"versionStartIncluding": "0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oxford_nano_technologies:minknow:24.11:*:*:*:*:*:*:*",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Sara Rampazzi, Christina Boucher, Carson Stillman, Jonathan E. Bravo of the University of Florida reported these vulnerabilities to Oxford Nanopore Technologies."
}
],
"datePublic": "2025-10-21T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOxford Nanopore Technologies\u0027 MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorized local user or process can exploit this behavior by placing a file lock on the temporary token file using the flock system call. This prevents MinKNOW from completing the token generation process. As a result, no valid local token is created, and the software is unable to execute commands on the sequencer. This leads to a denial-of-service (DoS) condition, blocking sequencing operations.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "Oxford Nanopore Technologies\u0027 MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its final location. This temporary file is created in a directory accessible to all users on the system. An unauthorized local user or process can exploit this behavior by placing a file lock on the temporary token file using the flock system call. This prevents MinKNOW from completing the token generation process. As a result, no valid local token is created, and the software is unable to execute commands on the sequencer. This leads to a denial-of-service (DoS) condition, blocking sequencing operations."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T18:24:39.764Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-294-01"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsma-25-294-01.json"
},
{
"url": "https://nanoporetech.com/software/"
},
{
"url": "https://nanoporetech.com/about/contact"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOxford Nanopore Technologies recommends users upgrade to MinKNOW \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://nanoporetech.com/software/\"\u003eVersions later than 24.11\u003c/a\u003e\u0026nbsp;to eliminate these vulnerabilities.\u003c/p\u003e\u003cp\u003eIf users are unable to upgrade to v24.11 to reduce risk from the remaining Authentication Token and Token Lock vulnerabilities, Oxford Nanopore advises the following additional measures for users on version 24.06:\u003c/p\u003e\u003cul\u003e\u003cli\u003eRemote Connect: Keep Remote Connect disabled in MinKNOW unless strictly required, and enable it only within trusted network environments.\u003c/li\u003e\u003cli\u003eEndpoint Protection: Install and maintain antivirus and malware scanning tools to mitigate denial-of-service (DoS) conditions arising from local exploitation or malware.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eUsers running older versions of MinKNOW who cannot upgrade immediately should contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://nanoporetech.com/about/contact\"\u003eOxford Nanopore Support\u003c/a\u003e\u0026nbsp;for guidance on securing their configurations. Downloading the release requires users to be logged into the Nanopore Community.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Oxford Nanopore Technologies recommends users upgrade to MinKNOW Versions later than 24.11 https://nanoporetech.com/software/ \u00a0to eliminate these vulnerabilities.\n\nIf users are unable to upgrade to v24.11 to reduce risk from the remaining Authentication Token and Token Lock vulnerabilities, Oxford Nanopore advises the following additional measures for users on version 24.06:\n\n * Remote Connect: Keep Remote Connect disabled in MinKNOW unless strictly required, and enable it only within trusted network environments.\n * Endpoint Protection: Install and maintain antivirus and malware scanning tools to mitigate denial-of-service (DoS) conditions arising from local exploitation or malware.\n\n\nUsers running older versions of MinKNOW who cannot upgrade immediately should contact Oxford Nanopore Support https://nanoporetech.com/about/contact \u00a0for guidance on securing their configurations. Downloading the release requires users to be logged into the Nanopore Community."
}
],
"source": {
"advisory": "ICSMA-25-294-01",
"discovery": "EXTERNAL"
},
"title": "Oxford Nanopore Technologies MinKNOW Improper Check for Unusual or Exceptional Conditions",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-10937",
"datePublished": "2025-10-23T18:24:39.764Z",
"dateReserved": "2025-09-24T22:17:56.931Z",
"dateUpdated": "2025-10-23T19:11:36.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9998 (GCVE-0-2025-9998)
Vulnerability from cvelistv5 – Published: 2025-09-05 16:40 – Updated: 2026-02-26 07:54- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| URL | Tags |
|---|---|
| https://www.pcvue.com/security/#SB2025-4 | vendor-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9998",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-05T17:51:03.059305Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-05T17:51:49.768Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"Networking"
],
"product": "PcVue",
"vendor": "arcinfo",
"versions": [
{
"lessThanOrEqual": "16.3.3",
"status": "affected",
"version": "16.0.0",
"versionType": "cpe"
},
{
"lessThanOrEqual": "15.2.12",
"status": "affected",
"version": "15.0.0",
"versionType": "cpe"
},
{
"lessThanOrEqual": "12.0.31",
"status": "affected",
"version": "12.0.0",
"versionType": "cpe"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arcinfo:pcvue:*:*:*:*:*:*:*:*",
"versionEndIncluding": "16.3.3",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arcinfo:pcvue:*:*:*:*:*:*:*:*",
"versionEndIncluding": "15.2.12",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:arcinfo:pcvue:*:*:*:*:*:*:*:*",
"versionEndIncluding": "12.0.31",
"versionStartIncluding": "12.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Guillaume Andr\u00e9 (Synacktiv)"
},
{
"lang": "en",
"type": "finder",
"value": "Pierre Gertner (Synacktiv)"
}
],
"datePublic": "2025-09-04T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The sequence of packets received by a Networking server are not correctly checked.\u003cbr\u003e\u003cbr\u003eAn attacker could exploit this vulnerability to send specially crafted messages to force the application to stop.\u003cbr\u003e"
}
],
"value": "The sequence of packets received by a Networking server are not correctly checked.\n\nAn attacker could exploit this vulnerability to send specially crafted messages to force the application to stop."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No POC available."
}
],
"value": "No POC available."
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Not known to be exploited"
}
],
"value": "Not known to be exploited"
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"other": {
"content": {
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CNA",
"version": "2.0.3"
},
"type": "ssvc"
},
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T07:54:07.047Z",
"orgId": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932",
"shortName": "arcinfo"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.pcvue.com/security/#SB2025-4"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003eHarden the configuration\u003c/b\u003e\u003cbr\u003e\u003cu\u003eWho should apply this recommendation:\u003c/u\u003e All users\u003cbr\u003eTo reduce the risk of exploitation, ARC Informatique strongly recommends implementing the following defensive measures:\u003cbr\u003e\u003cul\u003e\u003cli\u003eMinimize network exposure for all control system devices and/or systems, and ensure they are not accessible from unsecure networks.\u003c/li\u003e\u003cli\u003eLocate control system networks and remote devices behind firewalls and isolate them from business networks.\u003c/li\u003e\u003cli\u003eWhen remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cb\u003eUpdate PcVue\u003c/b\u003e\u003cbr\u003e\u003cu\u003eWho should apply this recommendation:\u003c/u\u003e All users running affected components.\u003cbr\u003eApply the patch by installing a fixed PcVue version.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eA fixed release must be installed on all stations for the fix to be fully applied.\u003c/b\u003e\u003cbr\u003eExisting projects require a settings update for the fix to be applied. The complete update procedure and verification steps are described in the Knowledge Base article KB1254\n\n(\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.pcvue.com/?post_type=post\u0026amp;s=\u0026amp;kbase_id=kb1254\"\u003ehttps://www.pcvue.com/?post_type=post\u0026amp;s=\u0026amp;kbase_id=kb1254\u003c/a\u003e)\n\n.\u003cbr\u003eFor new projects, the settings are configured by default with secured values.\u003cbr\u003e\u003cbr\u003eTo verify that the patch has been applied correctly, the user must check that:\u003cbr\u003e\u003cul\u003e\u003cli\u003eThe \u003ci\u003eFile version\u003c/i\u003e property of the file \u003ci\u003e./bin/sv32.exe\u003c/i\u003e matches the deployed release or later, and ensure that any earlier release is no longer used;\u003c/li\u003e\u003cli\u003eThe \u003ci\u003eInteroperability issues\u003c/i\u003e settings of the Networking feature are disabled.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cbr\u003e\n\n\u003cb\u003eAvailable patches:\u003c/b\u003e\u003cbr\u003ePatch provided in:\u003cbr\u003e\u003cul\u003e\u003cli\u003ePcVue 16.3.4 (16.3.4902.3112)\u003c/li\u003e\u003cli\u003ePcVue 15.2.13 (15.2.13902.37126)\u003c/li\u003e\u003cli\u003ePcVue 12.0.32 (12.0.32900.37130)\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "Harden the configuration\nWho should apply this recommendation: All users\nTo reduce the risk of exploitation, ARC Informatique strongly recommends implementing the following defensive measures:\n * Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from unsecure networks.\n * Locate control system networks and remote devices behind firewalls and isolate them from business networks.\n * When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as its connected devices.\n\n\n\nUpdate PcVue\nWho should apply this recommendation: All users running affected components.\nApply the patch by installing a fixed PcVue version.\n\nA fixed release must be installed on all stations for the fix to be fully applied.\nExisting projects require a settings update for the fix to be applied. The complete update procedure and verification steps are described in the Knowledge Base article KB1254\n\n( https://www.pcvue.com/?post_type=post\u0026s=\u0026kbase_id=kb1254 )\n\n.\nFor new projects, the settings are configured by default with secured values.\n\nTo verify that the patch has been applied correctly, the user must check that:\n * The File version property of the file ./bin/sv32.exe matches the deployed release or later, and ensure that any earlier release is no longer used;\n * The Interoperability issues settings of the Networking feature are disabled.\n\n\n\n\n\n\nAvailable patches:\nPatch provided in:\n * PcVue 16.3.4 (16.3.4902.3112)\n * PcVue 15.2.13 (15.2.13902.37126)\n * PcVue 12.0.32 (12.0.32900.37130)"
}
],
"source": {
"advisory": "SB2025-4",
"discovery": "EXTERNAL"
},
"title": "Improper validation of packets sequencing",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "87c8e6ad-f0f5-4ca8-89e2-89f26d6ed932",
"assignerShortName": "arcinfo",
"cveId": "CVE-2025-9998",
"datePublished": "2025-09-05T16:40:13.645Z",
"dateReserved": "2025-09-04T16:34:22.785Z",
"dateUpdated": "2026-02-26T07:54:07.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8716 (GCVE-0-2025-8716)
Vulnerability from cvelistv5 – Published: 2025-09-11 13:42 – Updated: 2025-09-11 14:16- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| Vendor | Product | Version | |
|---|---|---|---|
| OpenText | OpenText Content Management |
Affected:
20.4-25.3
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8716",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-11T14:16:13.503272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T14:16:18.491Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "OpenText Content Management",
"vendor": "OpenText",
"versions": [
{
"status": "affected",
"version": "20.4-25.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Armin Stock"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn Content Management versions 20.4- 25.3 authenticated attackers may exploit a complex cache poisoning technique to download unprotected files from the server if the filenames are known.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "In Content Management versions 20.4- 25.3 authenticated attackers may exploit a complex cache poisoning technique to download unprotected files from the server if the filenames are known."
}
],
"impacts": [
{
"capecId": "CAPEC-141",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-141 Cache Poisoning"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T13:42:01.686Z",
"orgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"shortName": "OpenText"
},
"references": [
{
"url": "https://support.opentext.com/csm?id=ot_kb_unauthenticated\u0026sysparm_article=KB0847046"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cache exploitation vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84",
"assignerShortName": "OpenText",
"cveId": "CVE-2025-8716",
"datePublished": "2025-09-11T13:42:01.686Z",
"dateReserved": "2025-08-07T16:57:28.140Z",
"dateUpdated": "2025-09-11T14:16:18.491Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4675 (GCVE-0-2025-4675)
Vulnerability from cvelistv5 – Published: 2026-01-07 16:55 – Updated: 2026-01-07 17:20- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| Vendor | Product | Version | |
|---|---|---|---|
| ABB | WebPro SNMP Card PowerValue |
Affected:
0 , ≤ 1.1.8.k
(custom)
|
|
| ABB | WebPro SNMP Card PowerValue UL |
Affected:
0 , ≤ 1.1.8.k
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-07T17:19:49.307602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T17:20:05.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WebPro SNMP Card PowerValue",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.1.8.k",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "WebPro SNMP Card PowerValue UL",
"vendor": "ABB",
"versions": [
{
"lessThanOrEqual": "1.1.8.k",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Check for Unusual or Exceptional Conditions vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.\u003cp\u003eThis issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K.\u003c/p\u003e"
}
],
"value": "Improper Check for Unusual or Exceptional Conditions vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-07T16:55:43.036Z",
"orgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"shortName": "ABB"
},
"references": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2CRT000009\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Improper implementation of Modbus protocol leading to DOS attack",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b718523-d88f-4f37-9bbd-300c20644bf9",
"assignerShortName": "ABB",
"cveId": "CVE-2025-4675",
"datePublished": "2026-01-07T16:55:43.036Z",
"dateReserved": "2025-05-14T06:02:12.696Z",
"dateUpdated": "2026-01-07T17:20:05.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4663 (GCVE-0-2025-4663)
Vulnerability from cvelistv5 – Published: 2025-07-08 17:53 – Updated: 2025-07-08 18:02- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| Vendor | Product | Version | |
|---|---|---|---|
| Broadcom | Brocade Fabric OS |
Affected:
Brocade Fabric OS 9.0.0 through 9.2.2
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4663",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-08T18:01:53.887893Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T18:02:03.446Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Brocade Fabric OS",
"vendor": "Broadcom",
"versions": [
{
"status": "affected",
"version": "Brocade Fabric OS 9.0.0 through 9.2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn Improper Check for Unusual or \nExceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a\n could allow an authenticated, network-based attacker to cause a \nDenial-of-Service (DoS).\u003cbr\u003eThe\n vulnerability is encountered when supportsave is invoked remotely, \nusing ssh command or SANnav inline ssh, and the corresponding ssh \nsession is terminated with Control C (^c ) before supportsave \ncompletion.\u003cbr\u003eThis issue affects Brocade Fabric OS 9.0.0 through 9.2.2\u003c/p\u003e"
}
],
"value": "An Improper Check for Unusual or \nExceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a\n could allow an authenticated, network-based attacker to cause a \nDenial-of-Service (DoS).\nThe\n vulnerability is encountered when supportsave is invoked remotely, \nusing ssh command or SANnav inline ssh, and the corresponding ssh \nsession is terminated with Control C (^c ) before supportsave \ncompletion.\nThis issue affects Brocade Fabric OS 9.0.0 through 9.2.2"
}
],
"impacts": [
{
"capecId": "CAPEC-131",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-131 Resource Leak Exposure"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754: Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T17:53:53.048Z",
"orgId": "87b297d7-335e-4844-9551-11b97995a791",
"shortName": "brocade"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35815"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Denial-of-Service (DoS) after Unusual or Exceptional Conditions vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "87b297d7-335e-4844-9551-11b97995a791",
"assignerShortName": "brocade",
"cveId": "CVE-2025-4663",
"datePublished": "2025-07-08T17:53:53.048Z",
"dateReserved": "2025-05-13T18:34:47.831Z",
"dateUpdated": "2025-07-08T18:02:03.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4619 (GCVE-0-2025-4619)
Vulnerability from cvelistv5 – Published: 2025-11-13 20:24 – Updated: 2025-11-14 18:08- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| URL | Tags |
|---|---|
| https://security.paloaltonetworks.com/CVE-2025-4619 | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Palo Alto Networks | Cloud NGFW |
Unaffected:
All
(custom)
|
|
| Palo Alto Networks | PAN-OS |
Unaffected:
12.1.0
(custom)
Affected: 11.2.0 , < 11.2.5 (custom) Affected: 11.1.0 , < 11.1.7 (custom) Affected: 10.2.0 , < 10.2.14 (custom) Unaffected: 10.1.0 (custom) cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:-:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h1:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:-:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h9:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h8:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h7:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h6:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h10:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:* cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:* |
|
| Palo Alto Networks | Prisma Access |
Affected:
10.2.0 , < 10.2.10-h14
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4619",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T18:08:04.676466Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T18:08:10.682Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Cloud NGFW",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "All",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.4:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.3:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.2:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.2.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.6:-:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.5:-:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.4:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.3:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.2:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:11.1.0:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.13:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.12:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:h1:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.11:-:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h5:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h4:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h3:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.10:h2:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h9:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h8:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h7:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.9:h6:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.8:h10:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h23:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h22:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h21:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h20:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h19:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h18:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h17:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h16:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h15:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h14:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h13:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h12:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.7:h11:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.6:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.5:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.3:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.2:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.1:*:*:*:*:*:*:*",
"cpe:2.3:o:palo_alto_networks:pan-os:10.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "PAN-OS",
"vendor": "Palo Alto Networks",
"versions": [
{
"status": "unaffected",
"version": "12.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.2.5",
"status": "unaffected"
},
{
"at": "11.2.4-h4",
"status": "unaffected"
},
{
"at": "11.2.3-h6",
"status": "unaffected"
},
{
"at": "11.2.2-h2",
"status": "unaffected"
}
],
"lessThan": "11.2.5",
"status": "affected",
"version": "11.2.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "11.1.7",
"status": "unaffected"
},
{
"at": "11.1.6-h1",
"status": "unaffected"
},
{
"at": "11.1.4-h13",
"status": "unaffected"
},
{
"at": "11.1.4-h4",
"status": "affected"
},
{
"at": "11.1.3-h2",
"status": "affected"
},
{
"at": "11.1.2-h18",
"status": "unaffected"
},
{
"at": "11.1.2-h9",
"status": "affected"
}
],
"lessThan": "11.1.7",
"status": "affected",
"version": "11.1.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "10.2.14",
"status": "unaffected"
},
{
"at": "10.2.13-h3",
"status": "unaffected"
},
{
"at": "10.2.12-h6",
"status": "unaffected"
},
{
"at": "10.2.11-h12",
"status": "unaffected"
},
{
"at": "10.2.10-h14",
"status": "unaffected"
},
{
"at": "10.2.10-h2",
"status": "affected"
},
{
"at": "10.2.9-h21",
"status": "unaffected"
},
{
"at": "10.2.9-h6",
"status": "affected"
},
{
"at": "10.2.8-h21",
"status": "unaffected"
},
{
"at": "10.2.8-h10",
"status": "affected"
},
{
"at": "10.2.7-h24",
"status": "unaffected"
},
{
"at": "10.2.7-h11",
"status": "affected"
},
{
"at": "10.2.4-h25",
"status": "affected"
}
],
"lessThan": "10.2.14",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "10.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"PAN-OS"
],
"product": "Prisma Access",
"vendor": "Palo Alto Networks",
"versions": [
{
"changes": [
{
"at": "11.2.4-h4",
"status": "unaffected"
},
{
"at": "10.2.10-h14",
"status": "unaffected"
},
{
"at": "10.2.4-h25",
"status": "affected"
}
],
"lessThan": "10.2.10-h14",
"status": "affected",
"version": "10.2.0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is only applicable to firewalls where URL\u0026nbsp;proxy or any decrypt-policy is configured.\u003cbr\u003e\u003cbr\u003eWhen any decrypt policy is configured, this issue may be encountered regardless of whether traffic matches explicit decrypt, explicit no-decrypt, or none of the decryption policies."
}
],
"value": "This issue is only applicable to firewalls where URL\u00a0proxy or any decrypt-policy is configured.\n\nWhen any decrypt policy is configured, this issue may be encountered regardless of whether traffic matches explicit decrypt, explicit no-decrypt, or none of the decryption policies."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.5",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.4-h4",
"versionStartIncluding": "11.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.3-h6",
"versionStartIncluding": "11.2.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.2-h2",
"versionStartIncluding": "11.2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.7",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.6-h1",
"versionStartIncluding": "11.1.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.4-h13",
"versionStartIncluding": "11.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.4-h4",
"versionStartIncluding": "11.1.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.3-h2",
"versionStartIncluding": "11.1.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.2-h18",
"versionStartIncluding": "11.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.2-h9",
"versionStartIncluding": "11.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.14",
"versionStartIncluding": "10.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.13-h3",
"versionStartIncluding": "10.2.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.12-h6",
"versionStartIncluding": "10.2.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.11-h12",
"versionStartIncluding": "10.2.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.10-h14",
"versionStartIncluding": "10.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.10-h2",
"versionStartIncluding": "10.2.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.9-h21",
"versionStartIncluding": "10.2.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.9-h6",
"versionStartIncluding": "10.2.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.8-h21",
"versionStartIncluding": "10.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.8-h10",
"versionStartIncluding": "10.2.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.7-h24",
"versionStartIncluding": "10.2.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:pan-os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.7-h11",
"versionStartIncluding": "10.2.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:PAN-OS:*:*",
"versionEndExcluding": "11.2.4-h4",
"versionStartIncluding": "11.2.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:palo_alto_networks:prisma_access:*:*:*:*:*:PAN-OS:*:*",
"versionEndExcluding": "10.2.10-h14",
"versionStartIncluding": "10.2.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2025-11-12T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode.\u003cbr\u003e\u003cbr\u003eThis issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, and Prisma\u00ae Access software. This issue does not affect Cloud NGFW.\u003cbr\u003e\u003cbr\u003e\u200b\u200bWe have successfully completed the Prisma Access upgrade for all customers, with the exception of those facing issues such as conflicting maintenance windows. Remaining customers will be promptly scheduled for an upgrade through our standard upgrade process."
}
],
"value": "A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated attempts to initiate a reboot causes the firewall to enter maintenance mode.\n\nThis issue is applicable to the PAN-OS software versions listed below on PA-Series firewalls, VM-Series firewalls, and Prisma\u00ae Access software. This issue does not affect Cloud NGFW.\n\n\u200b\u200bWe have successfully completed the Prisma Access upgrade for all customers, with the exception of those facing issues such as conflicting maintenance windows. Remaining customers will be promptly scheduled for an upgrade through our standard upgrade process."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"value": "Palo Alto Networks is not aware of any malicious exploitation of this issue."
}
],
"impacts": [
{
"capecId": "CAPEC-129",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-129: Pointer Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T13:48:54.807Z",
"orgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"shortName": "palo_alto"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://security.paloaltonetworks.com/CVE-2025-4619"
}
],
"solutions": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ctable class=\"tbl\"\u003e\u003cthead\u003e\u003ctr\u003e\u003cth\u003eVersion\u003cbr\u003e\u003c/th\u003e\u003cth\u003eMinor Version\u003cbr\u003e\u003c/th\u003e\u003cth\u003eSuggested Solution\u003cbr\u003e\u003c/th\u003e\u003c/tr\u003e\u003c/thead\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eCloud NGFW\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 12.1\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 11.2\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.0 through 11.2.4\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.4-h4 or 11.2.5 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.0 through 11.2.3\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.3-h6 or 11.2.5 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.2.0 through 11.2.2\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.2.2-h2 or 11.2.5 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 11.1\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.0 through 11.1.6\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.6-h1 or 11.1.7 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.0 through 11.1.4\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.4-h13 or 11.1.7 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.0 through 11.1.3\u003c/td\u003e\n \u003ctd\u003eRemain on a version older than 11.1.3-h2 or upgrade to 11.1.4-h13 or 11.1.7 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e11.1.0 through 11.1.2\u003c/td\u003e\n \u003ctd\u003eUpgrade to 11.1.2-h18 or 11.1.7 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003ePAN-OS 10.2\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.0 through 10.2.13\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.13-h3 or 10.2.14 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.0 through 10.2.12\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.12-h6 or 10.2.14 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.0 through 10.2.11\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.11-h12 or 10.2.14 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.0 through 10.2.10\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.10-h14 or 10.2.14 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.0 through 10.2.9\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.9-h21 or 10.2.14 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.0 through 10.2.8\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.8-h21 or 10.2.14 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.0 through 10.2.7\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.7-h24 or 10.2.14 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.0 through 10.2.4\u003c/td\u003e\n \u003ctd\u003eRemain on a version older than 10.2.4-h25\u003cbr\u003e\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\u003ctd\u003ePAN-OS 10.1\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003c/td\u003e\u003ctd\u003eNo action needed.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eAll older\u003cbr\u003eunsupported\u003cbr\u003ePAN-OS versions\u003c/td\u003e\u003ctd\u003e\u0026nbsp;\u003c/td\u003e\u003ctd\u003eUpgrade to a supported fixed version.\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e\u0026nbsp;Prisma Access\u0026nbsp; on PAN-OS\u003c/td\u003e\u003ctd\u003e11.2.0 through 11.2.4\u003c/td\u003e\u003ctd\u003eUpgrade to 11.2.4-h4\u0026nbsp;or later\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003cbr\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.0 through 10.2.10\u003c/td\u003e\n \u003ctd\u003eUpgrade to 10.2.10-h14 or 11.2.4-h4 or later.\u003c/td\u003e\n \u003c/tr\u003e\u003ctr\u003e\n \u003ctd\u003e\u003c/td\u003e\n \u003ctd\u003e10.2.0 through 10.2.4\u003c/td\u003e\n \u003ctd\u003eRemain on a version older than 10.2.4-h25.\u003c/td\u003e\n \u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e"
}
],
"value": "Version\nMinor Version\nSuggested Solution\nCloud NGFW\nNo action needed.PAN-OS 12.1\nNo action needed.\n PAN-OS 11.2\n\n 11.2.0 through 11.2.4\n Upgrade to 11.2.4-h4 or 11.2.5 or later.\n \n \n 11.2.0 through 11.2.3\n Upgrade to 11.2.3-h6 or 11.2.5 or later.\n \n \n 11.2.0 through 11.2.2\n Upgrade to 11.2.2-h2 or 11.2.5 or later.\n \n PAN-OS 11.1\n\n 11.1.0 through 11.1.6\n Upgrade to 11.1.6-h1 or 11.1.7 or later.\n \n \n 11.1.0 through 11.1.4\n Upgrade to 11.1.4-h13 or 11.1.7 or later.\n \n \n 11.1.0 through 11.1.3\n Remain on a version older than 11.1.3-h2 or upgrade to 11.1.4-h13 or 11.1.7 or later.\n \n \n 11.1.0 through 11.1.2\n Upgrade to 11.1.2-h18 or 11.1.7 or later.\n \n PAN-OS 10.2\n\n 10.2.0 through 10.2.13\n Upgrade to 10.2.13-h3 or 10.2.14 or later.\n \n \n 10.2.0 through 10.2.12\n Upgrade to 10.2.12-h6 or 10.2.14 or later.\n \n \n 10.2.0 through 10.2.11\n Upgrade to 10.2.11-h12 or 10.2.14 or later.\n \n \n 10.2.0 through 10.2.10\n Upgrade to 10.2.10-h14 or 10.2.14 or later.\n \n \n 10.2.0 through 10.2.9\n Upgrade to 10.2.9-h21 or 10.2.14 or later.\n \n \n 10.2.0 through 10.2.8\n Upgrade to 10.2.8-h21 or 10.2.14 or later.\n \n \n 10.2.0 through 10.2.7\n Upgrade to 10.2.7-h24 or 10.2.14 or later.\n \n \n 10.2.0 through 10.2.4\n Remain on a version older than 10.2.4-h25\n\n PAN-OS 10.1\nNo action needed.All older\nunsupported\nPAN-OS versions\u00a0Upgrade to a supported fixed version.\u00a0Prisma Access\u00a0 on PAN-OS11.2.0 through 11.2.4Upgrade to 11.2.4-h4\u00a0or later\n \n\n 10.2.0 through 10.2.10\n Upgrade to 10.2.10-h14 or 11.2.4-h4 or later.\n \n \n 10.2.0 through 10.2.4\n Remain on a version older than 10.2.4-h25."
}
],
"source": {
"defect": [
"PAN-247099"
],
"discovery": "USER"
},
"timeline": [
{
"lang": "en",
"time": "2025-11-12T17:00:00.000Z",
"value": "Initial publication"
}
],
"title": "PAN-OS: Firewall Denial of Service (DoS) Using Specially Crafted Packets",
"workarounds": [
{
"lang": "eng",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No known workarounds exist for this issue."
}
],
"value": "No known workarounds exist for this issue."
}
],
"x_affectedList": [
"PAN-OS 11.2.4-h3",
"PAN-OS 11.2.4-h2",
"PAN-OS 11.2.4-h1",
"PAN-OS 11.2.4",
"PAN-OS 11.2.3-h5",
"PAN-OS 11.2.3-h4",
"PAN-OS 11.2.3-h3",
"PAN-OS 11.2.3-h2",
"PAN-OS 11.2.3-h1",
"PAN-OS 11.2.3",
"PAN-OS 11.2.2-h1",
"PAN-OS 11.2.2",
"PAN-OS 11.2.1-h1",
"PAN-OS 11.2.1",
"PAN-OS 11.2.0-h1",
"PAN-OS 11.2.0",
"PAN-OS 11.1.6",
"PAN-OS 11.1.5-h1",
"PAN-OS 11.1.5",
"PAN-OS 11.1.4-h12",
"PAN-OS 11.1.4-h11",
"PAN-OS 11.1.4-h10",
"PAN-OS 11.1.4-h9",
"PAN-OS 11.1.4-h8",
"PAN-OS 11.1.4-h7",
"PAN-OS 11.1.4-h6",
"PAN-OS 11.1.4-h5",
"PAN-OS 11.1.3-h13",
"PAN-OS 11.1.3-h12",
"PAN-OS 11.1.3-h11",
"PAN-OS 11.1.3-h10",
"PAN-OS 11.1.3-h9",
"PAN-OS 11.1.3-h8",
"PAN-OS 11.1.3-h7",
"PAN-OS 11.1.3-h6",
"PAN-OS 11.1.3-h5",
"PAN-OS 11.1.3-h4",
"PAN-OS 11.1.3-h3",
"PAN-OS 11.1.3-h2",
"PAN-OS 11.1.2-h17",
"PAN-OS 11.1.2-h16",
"PAN-OS 11.1.2-h15",
"PAN-OS 11.1.2-h14",
"PAN-OS 11.1.2-h13",
"PAN-OS 11.1.2-h12",
"PAN-OS 11.1.2-h11",
"PAN-OS 11.1.2-h10",
"PAN-OS 11.1.2-h9",
"PAN-OS 11.1.1-h2",
"PAN-OS 11.1.1-h1",
"PAN-OS 11.1.1",
"PAN-OS 11.1.0-h4",
"PAN-OS 11.1.0-h3",
"PAN-OS 11.1.0-h2",
"PAN-OS 11.1.0-h1",
"PAN-OS 11.1.0",
"PAN-OS 10.2.13-h2",
"PAN-OS 10.2.13-h1",
"PAN-OS 10.2.13",
"PAN-OS 10.2.12-h5",
"PAN-OS 10.2.12-h4",
"PAN-OS 10.2.12-h3",
"PAN-OS 10.2.12-h2",
"PAN-OS 10.2.12-h1",
"PAN-OS 10.2.12",
"PAN-OS 10.2.11-h11",
"PAN-OS 10.2.11-h10",
"PAN-OS 10.2.11-h9",
"PAN-OS 10.2.11-h8",
"PAN-OS 10.2.11-h7",
"PAN-OS 10.2.11-h6",
"PAN-OS 10.2.11-h5",
"PAN-OS 10.2.11-h4",
"PAN-OS 10.2.11-h3",
"PAN-OS 10.2.11-h2",
"PAN-OS 10.2.11-h1",
"PAN-OS 10.2.11",
"PAN-OS 10.2.10-h13",
"PAN-OS 10.2.10-h12",
"PAN-OS 10.2.10-h11",
"PAN-OS 10.2.10-h10",
"PAN-OS 10.2.10-h9",
"PAN-OS 10.2.10-h8",
"PAN-OS 10.2.10-h7",
"PAN-OS 10.2.10-h6",
"PAN-OS 10.2.10-h5",
"PAN-OS 10.2.10-h4",
"PAN-OS 10.2.10-h3",
"PAN-OS 10.2.10-h2",
"PAN-OS 10.2.9-h20",
"PAN-OS 10.2.9-h19",
"PAN-OS 10.2.9-h18",
"PAN-OS 10.2.9-h17",
"PAN-OS 10.2.9-h16",
"PAN-OS 10.2.9-h15",
"PAN-OS 10.2.9-h14",
"PAN-OS 10.2.9-h13",
"PAN-OS 10.2.9-h12",
"PAN-OS 10.2.9-h11",
"PAN-OS 10.2.9-h10",
"PAN-OS 10.2.9-h9",
"PAN-OS 10.2.9-h8",
"PAN-OS 10.2.9-h7",
"PAN-OS 10.2.9-h6",
"PAN-OS 10.2.8-h20",
"PAN-OS 10.2.8-h19",
"PAN-OS 10.2.8-h18",
"PAN-OS 10.2.8-h17",
"PAN-OS 10.2.8-h16",
"PAN-OS 10.2.8-h15",
"PAN-OS 10.2.8-h14",
"PAN-OS 10.2.8-h13",
"PAN-OS 10.2.8-h12",
"PAN-OS 10.2.8-h11",
"PAN-OS 10.2.8-h10",
"PAN-OS 10.2.7-h23",
"PAN-OS 10.2.7-h22",
"PAN-OS 10.2.7-h21",
"PAN-OS 10.2.7-h20",
"PAN-OS 10.2.7-h19",
"PAN-OS 10.2.7-h18",
"PAN-OS 10.2.7-h17",
"PAN-OS 10.2.7-h16",
"PAN-OS 10.2.7-h15",
"PAN-OS 10.2.7-h14",
"PAN-OS 10.2.7-h13",
"PAN-OS 10.2.7-h12",
"PAN-OS 10.2.7-h11",
"PAN-OS 10.2.6-h6",
"PAN-OS 10.2.6-h5",
"PAN-OS 10.2.6-h4",
"PAN-OS 10.2.6-h3",
"PAN-OS 10.2.6-h2",
"PAN-OS 10.2.6-h1",
"PAN-OS 10.2.6",
"PAN-OS 10.2.5-h9",
"PAN-OS 10.2.5-h8",
"PAN-OS 10.2.5-h7",
"PAN-OS 10.2.5-h6",
"PAN-OS 10.2.5-h5",
"PAN-OS 10.2.5-h4",
"PAN-OS 10.2.5-h3",
"PAN-OS 10.2.5-h2",
"PAN-OS 10.2.5-h1",
"PAN-OS 10.2.5",
"PAN-OS 10.2.4-h32",
"PAN-OS 10.2.4-h31",
"PAN-OS 10.2.4-h30",
"PAN-OS 10.2.4-h29",
"PAN-OS 10.2.4-h28",
"PAN-OS 10.2.4-h27",
"PAN-OS 10.2.4-h26",
"PAN-OS 10.2.4-h25",
"PAN-OS 10.2.3-h14",
"PAN-OS 10.2.3-h13",
"PAN-OS 10.2.3-h12",
"PAN-OS 10.2.3-h11",
"PAN-OS 10.2.3-h10",
"PAN-OS 10.2.3-h9",
"PAN-OS 10.2.3-h8",
"PAN-OS 10.2.3-h7",
"PAN-OS 10.2.3-h6",
"PAN-OS 10.2.3-h5",
"PAN-OS 10.2.3-h4",
"PAN-OS 10.2.3-h3",
"PAN-OS 10.2.3-h2",
"PAN-OS 10.2.3-h1",
"PAN-OS 10.2.3",
"PAN-OS 10.2.2-h6",
"PAN-OS 10.2.2-h5",
"PAN-OS 10.2.2-h4",
"PAN-OS 10.2.2-h3",
"PAN-OS 10.2.2-h2",
"PAN-OS 10.2.2-h1",
"PAN-OS 10.2.2",
"PAN-OS 10.2.1-h3",
"PAN-OS 10.2.1-h2",
"PAN-OS 10.2.1-h1",
"PAN-OS 10.2.1",
"PAN-OS 10.2.0-h4",
"PAN-OS 10.2.0-h3",
"PAN-OS 10.2.0-h2",
"PAN-OS 10.2.0-h1",
"PAN-OS 10.2.0"
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "d6c1279f-00f6-4ef7-9217-f89ffe703ec0",
"assignerShortName": "palo_alto",
"cveId": "CVE-2025-4619",
"datePublished": "2025-11-13T20:24:19.208Z",
"dateReserved": "2025-05-12T22:05:16.932Z",
"dateUpdated": "2025-11-14T18:08:10.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-3359 (GCVE-0-2025-3359)
Vulnerability from cvelistv5 – Published: 2025-04-07 12:43 – Updated: 2026-05-03 09:12- CWE-754 - Improper Check for Unusual or Exceptional Conditions
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2025-3359 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2357749 | issue-trackingx_refsource_REDHAT |
| https://sourceforge.net/p/gnuplot/bugs/2781/ |
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
0 , < 6.1
(semver)
|
|||
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-3359",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T19:08:35.922002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T19:08:41.344Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://sourceforge.net/projects/gnuplot/",
"defaultStatus": "unaffected",
"packageName": "gnuplot",
"versions": [
{
"lessThan": "6.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "gnuplot",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"packageName": "gnuplot",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "gnuplot",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank ChenYiFan Liu for reporting this issue."
}
],
"datePublic": "2025-04-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-03T09:12:28.072Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-3359"
},
{
"name": "RHBZ#2357749",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2357749"
},
{
"url": "https://sourceforge.net/p/gnuplot/bugs/2781/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-04-07T01:36:42.665Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-04-07T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Gnuplot: segmentation fault via io_str_init_static_internal function",
"workarounds": [
{
"lang": "en",
"value": "Currently, no mitigation is available for this vulnerability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-3359",
"datePublished": "2025-04-07T12:43:43.759Z",
"dateReserved": "2025-04-07T01:39:21.092Z",
"dateUpdated": "2026-05-03T09:12:28.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation MIT-3
Strategy: Language Selection
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- Choose languages with features such as exception handling that force the programmer to anticipate unusual conditions that may generate exceptions. Custom exceptions may need to be developed to handle unusual business-logic conditions. Be careful not to pass sensitive exceptions back to the user (CWE-209, CWE-248).
Mitigation
Check the results of all functions that return a value and verify that the value is expected.
Mitigation
If using exception handling, catch and throw specific exceptions instead of overly-general exceptions (CWE-396, CWE-397). Catch and handle exceptions as locally as possible so that exceptions do not propagate too far up the call stack (CWE-705). Avoid unchecked or uncaught exceptions where feasible (CWE-248).
Mitigation MIT-39
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
- Exposing additional information to a potential attacker in the context of an exceptional condition can help the attacker determine what attack vectors are most likely to succeed beyond DoS.
Mitigation MIT-5
Strategy: Input Validation
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
Mitigation MIT-38
If the program must fail, ensure that it fails gracefully (fails closed). There may be a temptation to simply let the program fail poorly in cases such as low memory conditions, but an attacker may be able to assert control before the software has fully exited. Alternately, an uncontrolled failure could cause cascading problems with other downstream components; for example, the program could send a signal to a downstream process so the process immediately knows that a problem has occurred and has a better chance of recovery.
Mitigation
Use system limits, which should help to prevent resource exhaustion. However, the product should still handle low resource conditions since they may still occur.
No CAPEC attack patterns related to this CWE.