cvelistv5 - CVE-2025-52570

CVE-2025-52570 (GCVE-0-2025-52570)

Vulnerability from cvelistv5

Published

2025-06-24 03:13

Modified

2025-06-24 14:42

Severity ?

1.7 (Low) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

CWE

CWE-799 - Improper Control of Interaction Frequency
CWE-770 - Allocation of Resources Without Limits or Throttling

Summary

Letmein is an authenticating port knocker. Prior to version 10.2.1, The connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections (TCP, UDP and Unix socket) for the services letmeind and letmeinfwd. Therefore, the command line option num-connections is not effective and does not limit the number of simultaneously incoming connections. This issue has been patched in version 10.2.1.

References

▼	URL	Tags
	security-advisories@github.com	https://github.com/mbuesch/letmein/commit/43207cd77580410d97165d1e3c07361ba6f3558c
	security-advisories@github.com	https://github.com/mbuesch/letmein/security/advisories/GHSA-jpv7-p47h-f43j

Impacted products

	Vendor	Product	Version
	mbuesch	letmein	Version: < 10.2.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-52570",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-24T14:41:41.688686Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-24T14:42:51.785Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "letmein",
          "vendor": "mbuesch",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 10.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Letmein is an authenticating port knocker. Prior to version 10.2.1, The connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections (TCP, UDP and Unix socket) for the services letmeind and letmeinfwd. Therefore, the command line option num-connections is not effective and does not limit the number of simultaneously incoming connections. This issue has been patched in version 10.2.1."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 1.7,
            "baseSeverity": "LOW",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-799",
              "description": "CWE-799: Improper Control of Interaction Frequency",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-24T03:13:29.370Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/mbuesch/letmein/security/advisories/GHSA-jpv7-p47h-f43j",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/mbuesch/letmein/security/advisories/GHSA-jpv7-p47h-f43j"
        },
        {
          "name": "https://github.com/mbuesch/letmein/commit/43207cd77580410d97165d1e3c07361ba6f3558c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/mbuesch/letmein/commit/43207cd77580410d97165d1e3c07361ba6f3558c"
        }
      ],
      "source": {
        "advisory": "GHSA-jpv7-p47h-f43j",
        "discovery": "UNKNOWN"
      },
      "title": "Letmein connection limiter allows an arbitrary amount of simultaneous connections"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-52570",
    "datePublished": "2025-06-24T03:13:29.370Z",
    "dateReserved": "2025-06-18T03:55:52.036Z",
    "dateUpdated": "2025-06-24T14:42:51.785Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-52570\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-06-24T04:15:50.360\",\"lastModified\":\"2025-06-26T18:58:14.280\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Letmein is an authenticating port knocker. Prior to version 10.2.1, The connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections (TCP, UDP and Unix socket) for the services letmeind and letmeinfwd. Therefore, the command line option num-connections is not effective and does not limit the number of simultaneously incoming connections. This issue has been patched in version 10.2.1.\"},{\"lang\":\"es\",\"value\":\"Letmein es un bloqueador de puertos de autenticaci\u00f3n. Antes de la versi\u00f3n 10.2.1, el limitador de conexiones estaba implementado incorrectamente. Permit\u00eda un n\u00famero arbitrario de conexiones entrantes simult\u00e1neas (TCP, UDP y socket Unix) para los servicios letmeind y letmeinfwd. Por lo tanto, la opci\u00f3n de l\u00ednea de comandos num-connections no es efectiva y no limita el n\u00famero de conexiones entrantes simult\u00e1neas. Este problema se ha corregido en la versi\u00f3n 10.2.1.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":1.7,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"UNREPORTED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"},{\"lang\":\"en\",\"value\":\"CWE-799\"}]}],\"references\":[{\"url\":\"https://github.com/mbuesch/letmein/commit/43207cd77580410d97165d1e3c07361ba6f3558c\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/mbuesch/letmein/security/advisories/GHSA-jpv7-p47h-f43j\",\"source\":\"security-advisories@github.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-52570\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-24T14:41:41.688686Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-24T14:42:32.108Z\"}}], \"cna\": {\"title\": \"Letmein connection limiter allows an arbitrary amount of simultaneous connections\", \"source\": {\"advisory\": \"GHSA-jpv7-p47h-f43j\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 1.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"mbuesch\", \"product\": \"letmein\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 10.2.1\"}]}], \"references\": [{\"url\": \"https://github.com/mbuesch/letmein/security/advisories/GHSA-jpv7-p47h-f43j\", \"name\": \"https://github.com/mbuesch/letmein/security/advisories/GHSA-jpv7-p47h-f43j\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/mbuesch/letmein/commit/43207cd77580410d97165d1e3c07361ba6f3558c\", \"name\": \"https://github.com/mbuesch/letmein/commit/43207cd77580410d97165d1e3c07361ba6f3558c\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Letmein is an authenticating port knocker. Prior to version 10.2.1, The connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections (TCP, UDP and Unix socket) for the services letmeind and letmeinfwd. Therefore, the command line option num-connections is not effective and does not limit the number of simultaneously incoming connections. This issue has been patched in version 10.2.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-799\", \"description\": \"CWE-799: Improper Control of Interaction Frequency\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770: Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-06-24T03:13:29.370Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-52570\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-24T14:42:51.785Z\", \"dateReserved\": \"2025-06-18T03:55:52.036Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-06-24T03:13:29.370Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

ghsa-jpv7-p47h-f43j

Vulnerability from github

Published

2025-06-23 21:24

Modified

2025-06-27 23:08

Severity ?

4.6 (Medium) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

Summary

letmein connection limiter allows an arbitrary amount of simultaneous connections

Details

Impact

The connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections (TCP, UDP and Unix socket) for the services letmeind and letmeinfwd. Therefore, the command line option num-connections is not effective and does not limit the number of simultaneously incoming connections.

letmeind is the public network facing daemon (TCP/UDP).

letmeinfwd is the internal firewall daemon that only listens on local Unix socket.

Possible Denial Of Service by resource exhaustion.

Affected versions

All versions <= 10.2.0 are affected.

Patches

All users shall upgrade to version 10.2.1.

Workarounds

Untested possible workarounds: - It might be possible to limit the number of active connections to the letmeind port (default 5800) via firewall. - The resource consumption of the service might be restricted with a service manager such as systemd.

Severity:

If a (D)DoS is run against the service, something is going to be affected. The connection limiter assures that the effect on the system itself is limited at the expense of the effect on the letmein services itself. So even with the connection limiter active, a (D)DoS can lead to a less responsive or unresponsive letmein service.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 10.2.0"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "letmeind"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "10.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 10.2.0"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "letmeinfwd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "10.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-52570"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-23T21:24:59Z",
    "nvd_published_at": "2025-06-24T04:15:50Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nThe connection limiter is implemented incorrectly.\nIt allows an arbitrary amount of simultaneously incoming connections (TCP, UDP and Unix socket) for the services `letmeind` and `letmeinfwd`.\nTherefore, the command line option `num-connections` is not effective and does not limit the number of simultaneously incoming connections.\n\n`letmeind` is the public network facing daemon (TCP/UDP).\n\n`letmeinfwd` is the internal firewall daemon that only listens on local Unix socket.\n\nPossible Denial Of Service by resource exhaustion.\n\n### Affected versions\nAll versions `\u003c= 10.2.0` are affected.\n\n### Patches\nAll users shall upgrade to version `10.2.1`.\n\n### Workarounds\n\nUntested possible workarounds:\n- It might be possible to limit the number of active connections to the `letmeind` port (default 5800) via firewall.\n- The resource consumption of the service might be restricted with a service manager such as systemd.\n\n### Severity:\n\nIf a (D)DoS is run against the service, *something* is going to be affected.\nThe connection limiter assures that the effect on the system itself is limited at the expense of the effect on the letmein services itself.\nSo even with the connection limiter active, a (D)DoS can lead to a less responsive or unresponsive letmein service.",
  "id": "GHSA-jpv7-p47h-f43j",
  "modified": "2025-06-27T23:08:47Z",
  "published": "2025-06-23T21:24:59Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/mbuesch/letmein/security/advisories/GHSA-jpv7-p47h-f43j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52570"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mbuesch/letmein/commit/43207cd77580410d97165d1e3c07361ba6f3558c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mbuesch/letmein"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
      "type": "CVSS_V4"
    }
  ],
  "summary": "letmein connection limiter allows an arbitrary amount of simultaneous connections"
}

fkie_cve-2025-52570

Vulnerability from fkie_nvd

Published

2025-06-24 04:15

Modified

2025-06-26 18:58

Severity ?

1.7 (Low) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U

Summary

References

▼	URL	Tags
	security-advisories@github.com	https://github.com/mbuesch/letmein/commit/43207cd77580410d97165d1e3c07361ba6f3558c
	security-advisories@github.com	https://github.com/mbuesch/letmein/security/advisories/GHSA-jpv7-p47h-f43j

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Letmein is an authenticating port knocker. Prior to version 10.2.1, The connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections (TCP, UDP and Unix socket) for the services letmeind and letmeinfwd. Therefore, the command line option num-connections is not effective and does not limit the number of simultaneously incoming connections. This issue has been patched in version 10.2.1."
    },
    {
      "lang": "es",
      "value": "Letmein es un bloqueador de puertos de autenticaci\u00f3n. Antes de la versi\u00f3n 10.2.1, el limitador de conexiones estaba implementado incorrectamente. Permit\u00eda un n\u00famero arbitrario de conexiones entrantes simult\u00e1neas (TCP, UDP y socket Unix) para los servicios letmeind y letmeinfwd. Por lo tanto, la opci\u00f3n de l\u00ednea de comandos num-connections no es efectiva y no limita el n\u00famero de conexiones entrantes simult\u00e1neas. Este problema se ha corregido en la versi\u00f3n 10.2.1."
    }
  ],
  "id": "CVE-2025-52570",
  "lastModified": "2025-06-26T18:58:14.280",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 1.7,
          "baseSeverity": "LOW",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "UNREPORTED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "LOW",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-24T04:15:50.360",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/mbuesch/letmein/commit/43207cd77580410d97165d1e3c07361ba6f3558c"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/mbuesch/letmein/security/advisories/GHSA-jpv7-p47h-f43j"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        },
        {
          "lang": "en",
          "value": "CWE-799"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-52570 (GCVE-0-2025-52570)

Vulnerability from cvelistv5

ghsa-jpv7-p47h-f43j

Vulnerability from github

Impact

Affected versions

Patches

Workarounds

Severity:

fkie_cve-2025-52570

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature