CVE-2025-61582
BaseFortify
Publication date: 2025-10-01
Last updated on: 2025-10-20
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| joni1802 | ts3_manager | to 2.2.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Denial of Service (DoS) issue in TS3 Manager versions 2.2.1 and earlier. An unauthenticated attacker can crash the application by submitting specially crafted Unicode tag characters to the Server field on the login page. The application improperly handles these characters during ASCII conversion, causing an unhandled exception that terminates the application within seconds.
How can this vulnerability impact me? :
The vulnerability can cause the TS3 Manager application to crash, resulting in denial of service. This means legitimate users will be unable to access or manage Teamspeak3 servers while the application is down, potentially disrupting communication and server management.
What immediate steps should I take to mitigate this vulnerability?
Upgrade TS3 Manager to version 2.2.2 or later, as this version contains the fix for the Denial of Service vulnerability caused by specially crafted Unicode input. Until the upgrade is applied, restrict access to the login page to trusted users or networks to reduce the risk of exploitation.