Home > Vulnerability Database > CVE-2025-32959

Mend.io Vulnerability Database

CVE-2025-32959

Good to know:

Date: April 22, 2025

CUBA Platform is a high level framework for enterprise applications development. Prior to version 7.2.23, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. This issue has been patched in version 7.2.23. A workaround is provided on the Jmix documentation website.

Severity Score

6.5

Related Resources (8)

Url: https://github.com/jmix-framework/jmix/security/advisories/GHSA-f3gv-cwwh-758m

Url: https://github.com/cuba-platform/cuba/commit/42b6c00fd0572b8e52ae31afd1babc827a3161a1

Url: https://docs.jmix.io/jmix/files-vulnerabilities.html

Url: https://docs.jmix.io/jmix/files-vulnerabilities.html#disable-files-endpoint-in-cuba-application

Url: https://github.com/cuba-platform/cuba

Url: https://github.com/cuba-platform/cuba/security/advisories/GHSA-w3mp-6vrj-875g

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-32959

Url: https://www.mend.io/vulnerability-database/CVE-2025-32959

Severity Score

6.5

Weakness Type (CWE)

Allocation of Resources Without Limits or Throttling

CWE-770

Top Fix

Upgrade Version

Upgrade to version https://github.com/cuba-platform/cuba.git - 7.2.23

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-32959

Good to know:

Date: April 22, 2025

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?