CVE-2025-61303
BaseFortify
Publication date: 2025-10-20
Last updated on: 2025-10-21
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| recordedfuture | triage | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Windows behavioral analysis engine of Hatching Triage Sandbox on Windows 10 build 2004 and Windows 10 LTSC 2021. It allows a submitted malware sample to evade detection by recursively spawning many child processes, which generates a high volume of logs and exhausts system resources. This causes denial-of-analysis, meaning key malicious behaviors like PowerShell execution and reverse shell activity may not be recorded or reported, misleading analysts and compromising the integrity and availability of sandbox analysis results.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing malware to evade detection during sandbox analysis, potentially leading to undetected malicious activity. It can cause denial-of-analysis by exhausting system resources, resulting in incomplete or misleading analysis reports. This compromises the reliability of malware detection and may allow harmful actions to go unnoticed.