Skip to main content

CAPEv2 CVE-2025-61301

HIGH
Uncontrolled Resource Consumption (CWE-400)
2025-10-20 cve@mitre.org
7.5
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 05, 2026 - 03:01 vuln.today

DescriptionCVE.org

Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 (commit 52e4b43, on 2025-05-17) allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply nested or oversized behavior data that trigger MongoDB BSON limits or orjson recursion errors when the sample executes in the sandbox.

AnalysisAI

Denial-of-analysis in CAPEv2, the open-source malware analysis sandbox, lets anyone able to submit a sample sabotage the platform's own reporting pipeline. A crafted sample that emits deeply nested or oversized behavior data trips MongoDB BSON size limits or orjson recursion errors in reporting/mongodb.py and reporting/jsondump.py, causing the behavioral report to be truncated or dropped entirely. Rated CVSS 7.5 (availability-only); EPSS is modest at 0.39% (31st percentile) and there is no public exploit identified at time of analysis, though the vector is trivial for anyone who can run a sample.

Share

CVE-2025-61301 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy