CVE-2025-62727
BaseFortify
Publication date: 2025-10-28
Last updated on: 2025-11-04
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kludex | starlette | 0.49.0 |
| kludex | starlette | 0.49.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-407 | An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Starlette versions prior to 0.49.1 allows an unauthenticated attacker to send a specially crafted HTTP Range header that causes the FileResponse component to perform quadratic-time processing during Range parsing and merging. This excessive processing leads to high CPU usage per request, potentially causing denial-of-service conditions on endpoints serving files.
How can this vulnerability impact me? :
The vulnerability can lead to denial-of-service (DoS) attacks by exhausting CPU resources on servers running vulnerable versions of Starlette when handling file-serving endpoints. This can make the affected services unavailable to legitimate users.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Starlette to version 0.49.1 or later, as this version contains the fix for the vulnerability. Until the upgrade can be applied, consider restricting or disabling endpoints serving files using FileResponse or StaticFiles to prevent exploitation.