CVE-2025-6998
BaseFortify
Publication date: 2025-07-24
Last updated on: 2025-07-25
Assigner: Fluid Attacks
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| autocaliweb | autocaliweb | 0.7.0 |
| calibre_web | calibre_web | 0.6.24 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1333 | The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6998 is a Regular Expression Denial of Service (ReDoS) vulnerability in the strip_whitespaces() function within the cps/string_helper.py file of Calibre Web 0.6.24 and Autocaliweb 0.7.0. This function uses a regular expression that is vulnerable to catastrophic backtracking when processing specially crafted input, specifically the username parameter during login. An unauthenticated remote attacker can exploit this by sending a maliciously crafted username that causes the server to hang for a significant time, resulting in denial of service. [1]
How can this vulnerability impact me?
This vulnerability allows unauthenticated remote attackers to cause the backend server to hang or become unresponsive by sending specially crafted username inputs during login. This leads to a denial of service condition, potentially disrupting access to the affected application and impacting availability. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring login attempts for unusually long processing times or server hangs caused by the specially crafted username parameter triggering catastrophic backtracking in the strip_whitespaces() function. A proof-of-concept involves sending a username payload with a null byte, followed by 54,773 tab characters, and another null byte. To detect exploitation attempts, you can capture and analyze login request payloads for suspiciously long or malformed username parameters. Network monitoring tools or web server logs can be used to identify such patterns. Specific commands are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading Autocaliweb to version 0.7.1, which has patched this vulnerability. For Calibre Web, no patch is currently available, so consider implementing network-level protections such as rate limiting, input validation, or temporarily restricting access to the login endpoint to prevent exploitation. Monitoring and blocking suspicious login attempts with malformed username parameters can also help mitigate the risk until an official patch is released. [1]
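Since the Q&A above gives no concrete detection commands, the following is an added example (not part of this BaseFortify page, the Calibre Web project or Autocaliweb) showing the defensive checks a deployment could put in front of the login form: a linear-time trim in place of a backtracking regex, cheap rejection of usernames containing null bytes, excessive length or long whitespace runs before any pattern runs, and a scan over constructed login log lines for attempts matching the shape described in the advisory. The thresholds, log line format and function names are assumptions.

```python
import re
from typing import List, Tuple
from urllib.parse import unquote

# Constructed thresholds (assumptions, not values from the advisory or the project).
MAX_USERNAME_LEN = 256      # a real username never needs to be longer than this
MAX_WHITESPACE_RUN = 16     # nor to contain long runs of whitespace

# One character class with one greedy quantifier: Python's re engine backtracks,
# so the pattern is kept free of nested or overlapping alternatives.
_WS_RUN = re.compile(r"[ \t\r\n\f\v]{%d,}" % (MAX_WHITESPACE_RUN + 1))


def strip_whitespaces_safe(value: str) -> str:
    """Trim leading/trailing whitespace in a single linear pass (no regex)."""
    return value.strip()


def classify_username(raw: str) -> Tuple[bool, str]:
    """Return (accepted, cleaned_name_or_reason). All checks are O(n) and run
    before the field reaches any regular expression."""
    if "\x00" in raw:
        return False, "null byte in username"
    if len(raw) > MAX_USERNAME_LEN:
        return False, "username longer than %d chars" % MAX_USERNAME_LEN
    if _WS_RUN.search(raw):
        return False, "whitespace run longer than %d chars" % MAX_WHITESPACE_RUN
    cleaned = strip_whitespaces_safe(raw)
    if not cleaned:
        return False, "username is empty after trimming"
    return True, cleaned


def scan_login_log(lines: List[str]) -> List[Tuple[str, str]]:
    """Flag login attempts whose username field trips a check.
    Assumed (constructed) line format: '<ip> login user=<urlencoded username>'."""
    hits = []
    for line in lines:
        if " login user=" not in line:
            continue
        ip, _, field = line.partition(" login user=")
        ok, reason = classify_username(unquote(field.strip()))
        if not ok:
            hits.append((ip, reason))
    return hits


# Constructed sample lines; the third mirrors the advisory's payload shape
# (null byte, run of tabs, null byte) scaled down to 200 tabs for readability.
SAMPLE_LOG = [
    "10.0.0.5 login user=alice",
    "10.0.0.6 login user=%20bob%20",
    "10.0.0.7 login user=%00" + "%09" * 200 + "%00",
    "10.0.0.8 login user=" + "%09" * 40 + "carol",
]
```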