CVE-2025-35435
BaseFortify

Publication date: 2025-09-17

Last updated on: 2025-09-26

Assigner: Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government

Description
CISA Thorium accepts a stream split size of zero then divides by this value. A remote, authenticated attacker could cause the service to crash. Fixed in commit 89101a6.
Meta Information
Published: 2025-09-17
Last Modified: 2025-09-26
Generated: 2026-04-23
AI Q&A: 2025-09-17
EPSS Evaluated: 2026-04-22
Affected Vendors & Products
Showing 1 associated CPE
Vendor: cisa
Product: thorium
Version / Range: to 1.1.2 (inc)
CWE
CWE ID: CWE-369
Description: The product divides a value by zero.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs because CISA Thorium accepts a stream split size of zero and then divides by this value, which leads to a division by zero error. A remote, authenticated attacker can exploit this to cause the service to crash.


How can this vulnerability impact me?

The vulnerability can cause the affected service to crash, leading to a denial of service condition. This could disrupt availability of the service for legitimate users.


What immediate steps should I take to mitigate this vulnerability?

Apply the fix provided in commit 89101a6 to the CISA Thorium service to prevent the crash caused by a zero stream split size.

