CVE-2025-14341
Excessive Allocation in DivvyDrive
Publication date: 2026-05-07
Last updated on: 2026-05-07
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| divvydrive_information_technologies_inc | divvydrive | From 4.8.2.19 (inc) to 4.8.3.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-915 | The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified. |
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves improperly controlled modification of dynamically-determined object attributes and allocation of resources without limits or throttling in DivvyDrive software by DivvyDrive Information Technologies Inc. Specifically, it allows excessive allocation and flooding, which means the software does not properly restrict how much resource can be consumed or how object attributes can be modified dynamically.
How can this vulnerability impact me? :
The vulnerability can lead to significant impacts including excessive consumption of resources, which may cause denial of service or degraded performance. According to the CVSS score of 8.3, it can result in low confidentiality impact, high integrity impact, and high availability impact, meaning attackers could potentially disrupt service availability and compromise data integrity.