CVE-2025-63561

EUVD-2025-37393
Summer Pearl Group Vacation Rental Management Platform prior to 1.0.2 is susceptible to a Slowloris-style Denial-of-Service (DoS) condition in the HTTP connection handling layer, where an attacker that opens and maintains many slow or partially-completed HTTP connections can exhaust the server’s connection pool and worker capacity, preventing legitimate users and APIs from accessing the service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
Affected Products (NVD)
VendorProductVersion
summerpearlgroupvacation_rental_management_platform
𝑥
< 1.0.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/Stolichnayer/Summer-Pearl-Group-Slowloris-DoS