Home > Vulnerability Database > CVE-2025-55152

Mend.io Vulnerability Database

CVE-2025-55152

Good to know:

Date: August 8, 2025

oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. In versions 17.1.5 and below, it's possible to significantly slow down an oak server with specially crafted values of the x-forwarded-proto or x-forwarded-for headers.

Severity Score

5.3

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-55152

Url: https://github.com/oakserver/oak

Url: https://github.com/oakserver/oak/commit/b60e60330ef227707c4dc13ef0ea36192d894f44

Url: https://github.com/oakserver/oak/blob/v17.1.5/request.ts#L87

Url: https://github.com/oakserver/oak/blob/v17.1.5/request.ts#L142

Url: https://github.com/oakserver/oak/security/advisories/GHSA-r3v7-pc4g-7xp9

Url: https://www.mend.io/vulnerability-database/CVE-2025-55152

Severity Score

5.3

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Inefficient Regular Expression Complexity

CWE-1333

Top Fix

Upgrade Version

Upgrade to version https://github.com/oakserver/oak.git - v17.1.6

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-55152

Good to know:

Date: August 8, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?