Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
2DescriptionCVE.org
An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthenticated requests. This is a regression of the CVE-2014-8124 fix.
AnalysisAI
OpenStack Horizon 25.6 and 25.7 before 25.7.3 allows unauthenticated remote attackers to exhaust session storage backend resources through repeated requests that trigger write operations prior to authentication, causing denial of service. This is a regression of CVE-2014-8124 and is assigned CVSS 5.3 (network-based, low complexity, no authentication required).
Technical ContextAI
OpenStack Horizon is the web-based management dashboard for OpenStack cloud infrastructure. The vulnerability stems from a session management flaw (CWE-696: Incorrect Behavior Order) where the application writes session data to the backend storage layer before validating user credentials. Session storage backends (typically Redis, Memcached, or database) have finite capacity; an attacker can craft rapid unauthenticated requests that each create a session entry, exhausting available storage space and rendering the dashboard unavailable to legitimate users. This reintroduces a design flaw previously patched in CVE-2014-8124, indicating a regression in code that was later modified.
RemediationAI
Upgrade OpenStack Horizon to version 25.7.3 or later immediately. For Horizon 25.6 users, upgrade to the next stable release series (26.0 or later when available). If immediate patching is not feasible, implement rate limiting at the reverse proxy or load balancer layer (e.g., nginx rate_limit, HAProxy stick-table) to restrict unauthenticated requests per IP address to a low threshold (e.g., 10 requests per 10 seconds), and monitor session storage backend usage for rapid growth indicating ongoing attacks. Additionally, configure session backend storage with appropriate size limits and eviction policies (LRU or TTL-based) to prevent complete exhaustion. These mitigations reduce but do not eliminate risk; patching is strongly recommended.
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FIL
The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple pl
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation
Session fixation vulnerability in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 allows remote attackers to hijack we
Open redirect vulnerability in views/auth_forms.py in OpenStack Dashboard (Horizon) Essex (2012.1) allows remote attacke
An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and
In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2
In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly i
A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridi
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation
Same weakness CWE-696 – Incorrect Behavior Order
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27406
GHSA-vxvf-xvm3-p8j5