CVE-2025-49176
HIGH EPSS 21.5%
Published Jun 17, 2025 (1y ago) · Modified Jun 17, 2026 (1w ago)
7.3 CVSS 3.1
Description
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
21.5% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-190 Integer Overflow or Wraparound Numeric Error
References 35
- openwall.com http://www.openwall.com/lists/oss-security/2025/06/18/2
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10258
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10342
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10343
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10344
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10346
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10347
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10348
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10349
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10350
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10351
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10352
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10355
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10356
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10360
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10370
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10374
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10375
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10376
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10377
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10378
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10381
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:10410
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:9303
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:9304
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:9305
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:9306
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:9392
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:9964
- access.redhat.com https://access.redhat.com/security/cve/CVE-2025-49176
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2369954
- gitlab.freedesktop.org https://gitlab.freedesktop.org/xorg/xserver/-/commit/03731b326a80b582e48d939fe62cb1e2b10400d9
- gitlab.freedesktop.org https://gitlab.freedesktop.org/xorg/xserver/-/commit/4fc4d76b2c7aaed61ed2653f997783a3714c4fe1
- lists.debian.org https://lists.debian.org/debian-lts-announce/2025/06/msg00028.html
- x.org https://www.x.org/wiki/Development/Security/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.