CWE-460
Improper Cleanup on Thrown Exception
The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.
CVE-2025-59399 (GCVE-0-2025-59399)
Vulnerability from cvelistv5
Published
2025-09-15 00:00
Modified
2025-09-15 18:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-460 - Improper Cleanup on Thrown Exception
Summary
libocpp before 0.28.0 allows a denial of service (EVerest crash) because a secondary exception is thrown during error message generation.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59399",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T18:36:27.188566Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T18:36:54.656Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "libocpp",
"vendor": "EVerest",
"versions": [
{
"lessThan": "0.28.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "libocpp before 0.28.0 allows a denial of service (EVerest crash) because a secondary exception is thrown during error message generation."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-460",
"description": "CWE-460 Improper Cleanup on Thrown Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T18:17:21.220Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/EVerest/libocpp/commit/0b84d7f9fb3c338d470770f220a7b7f21db78878"
},
{
"url": "https://github.com/EVerest/libocpp/compare/v0.27.1...v0.28.0"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-59399",
"datePublished": "2025-09-15T00:00:00.000Z",
"dateReserved": "2025-09-15T00:00:00.000Z",
"dateUpdated": "2025-09-15T18:36:54.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Implementation
Description:
- If one breaks from a loop or function by throwing an exception, make sure that cleanup happens or that you should exit the program. Use throwing exceptions sparsely.
No CAPEC attack patterns related to this CWE.