CVE-2025-67899 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	2.9 LOW	LOCAL	HIGH	NONE	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
mitre	CNA	2.9 LOW	LOCAL	HIGH	NONE	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 4%

Debian Releases

Debian Product

Codename

uriparser

bookworm	no-dsa
bullseye	postponed
bullseye (security)	vulnerable
forky	vulnerable
sid	vulnerable
trixie	no-dsa

Ubuntu Releases

Ubuntu Product

Codename

uriparser

bionic	needed
focal	needed
jammy	needed
noble	needed
plucky	ignored
questing	needed
trusty	needed
xenial	needed

Common Weakness Enumeration

CWE-674 - Uncontrolled Recursion
The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.

Vulnerability Media Exposure

[GERMAN] PHP: Mehrere Schwachstellen
Ein entfernter Angreifer kann mehrere Schwachstellen in PHP ausnutzen, um Informationen offenzulegen, einen Denial of Service Zustand herbeizuführen, um einen Server-Side Request-Forgery Angriff ausführen oder nicht bekannte Auswirkungen erzielen.
Published: 2025-12-18T23:00:00+00:00

References

https://github.com/uriparser/uriparser/issues/282

https://github.com/uriparser/uriparser/pull/284

http://www.openwall.com/lists/oss-security/2025/12/15/1