CVE-2025-32959
BaseFortify
Publication date: 2025-04-22
Last updated on: 2025-04-23
Assigner: GitHub, Inc.
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability is an unrestricted file upload issue in CUBA Platform versions prior to 7.2.23. Because the local file storage implementation does not restrict the size of uploaded files, an attacker can upload excessively large files. This could fill up the server's disk space, leading to HTTP 500 errors and thus causing a denial of service. The issue has been fixed in version 7.2.23, and a workaround is available by disabling the Files Endpoint. [4]
How can this vulnerability impact me?
If you are running a vulnerable version of the CUBA Platform, an attacker could exploit this issue to exhaust your server's disk space with large file uploads. This would result in HTTP 500 errors and a denial of service, potentially making your application unavailable to legitimate users. [4]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade to CUBA Platform version 7.2.23 where the issue has been fixed. If upgrading immediately is not feasible, as a workaround, disable the Files Endpoint in your CUBA Application. [2, 4]