Home > Vulnerability Database > CVE-2025-68272

Mend.io Vulnerability Database

CVE-2025-68272

Good to know:

Date: January 1, 2026

Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint ("/signalk/v1/access/requests"). This causes a "JavaScript heap out of memory" error due to unbounded in-memory storage of request objects. Version 2.19.0 fixes the issue.

Severity Score

7.5

Related Resources (6)

Url: https://github.com/SignalK/signalk-server/security/advisories/GHSA-7rqc-ff8m-7j23

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-68272

Url: https://github.com/SignalK/signalk-server

Url: https://github.com/SignalK/signalk-server/commit/55e3574d8266fbc0ed8e453ad4557073541566f5

Url: https://github.com/SignalK/signalk-server/releases/tag/v2.19.0

Url: https://www.mend.io/vulnerability-database/CVE-2025-68272

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Allocation of Resources Without Limits or Throttling

CWE-770

Top Fix

Upgrade Version

Upgrade to version signalk-server - 2.19.0;https://github.com/SignalK/signalk-server.git - v2.19.0

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-68272

Good to know:

Date: January 1, 2026

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?