Home > Vulnerability Database > CVE-2025-64509

Mend.io Vulnerability Database

CVE-2025-64509

Good to know:

Date: November 10, 2025

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.6, a specially crafted Brotli-compressed envelope can cause Bugsink to spend excessive CPU time in decompression, leading to denial of service. This can be done if the DSN is known, which it is in many common setups (JavaScript, Mobile Apps). The issue is patched in Bugsink 2.0.6. The vulnerability is similar to, but distinct from, another brotli-related problem in Bugsink, GHSA-fc2v-vcwj-269v/CVE-2025-64508.

Severity Score

7.5

Related Resources (5)

Url: https://github.com/bugsink/bugsink/security/advisories/GHSA-rrx3-2x4g-mq2h

Url: https://github.com/bugsink/bugsink/commit/1201f754e39265d2aac58edf49dc380bac334388

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-64509

Url: https://github.com/bugsink/bugsink

Url: https://www.mend.io/vulnerability-database/CVE-2025-64509

Severity Score

7.5

Weakness Type (CWE)

Allocation of Resources Without Limits or Throttling

CWE-770

Top Fix

Upgrade Version

Upgrade to version bugsink - 2.0.6;https://github.com/bugsink/bugsink.git - 2.0.6

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-64509

Good to know:

Date: November 10, 2025

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?