CVE-2025-53636
BaseFortify
Publication date: 2025-07-11
Last updated on: 2025-07-15
Assigner: GitHub, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| osc | ondemand | 3.1 |
| osc | ondemand | 4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-779 | The product logs too much information, making log files hard to process and possibly hindering recovery efforts or forensic analysis after an attack. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Open OnDemand allows users to flood the system logs by interacting with the shell app and generating many errors. The resulting log files grow very large, which can cause a Denial of Service (DoS) of the Open OnDemand system.
How can this vulnerability impact me?
It can cause a Denial of Service (DoS) on the Open OnDemand system: excessively large log files generated by malicious or excessive user activity can make the system unavailable or unstable.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Open OnDemand to version 3.1.14 or 4.0.6, where the issue is fixed. Additionally, monitor and limit user interactions with the shell app to prevent the log flooding that can cause a Denial of Service.