CVE-2025-32959
Awaiting Analysis Awaiting Analysis - Queue
BaseFortify

Publication date: 2025-04-22

Last updated on: 2025-04-23

Assigner: GitHub, Inc.

Description
CUBA Platform is a high level framework for enterprise applications development. Prior to version 7.2.23, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. This issue has been patched in version 7.2.23. A workaround is provided on the Jmix documentation website.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-04-22
Last Modified
2025-04-23
Generated
2026-06-16
AI Q&A
2025-04-23
EPSS Evaluated
2026-06-14
NVD
CVE-2025-32959
EUVD
EUVD-2025-12222
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability is an unrestricted file upload issue in CUBA Platform versions prior to 7.2.23. Because the local file storage implementation does not restrict the size of uploaded files, an attacker can upload excessively large files. This could fill up the server’s disk space, leading to HTTP 500 errors and thus causing a denial of service. The issue has been fixed in version 7.2.23, and a workaround is available by disabling the Files Endpoint. [4]

Impact Analysis

If you are running a vulnerable version of the CUBA Platform, an attacker could exploit this issue to exhaust your server's disk space with large file uploads. This would result in HTTP 500 errors and a denial of service, potentially making your application unavailable to legitimate users. [4]

Mitigation Strategies

To mitigate this vulnerability, you should upgrade to CUBA Platform version 7.2.23 where the issue has been fixed. If upgrading immediately is not feasible, as a workaround, disable the Files Endpoint in your CUBA Application. [2, 4]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-32959. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart