Description

CUBA Platform is a high level framework for enterprise applications development. Prior to version 7.2.23, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. This issue has been patched in version 7.2.23. A workaround is provided on the Jmix documentation website.

INFO

Published Date :

2025-04-22T17:45:00.340Z

Last Modified :

2025-04-22T18:50:33.199Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-32959 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-32959.

URL Resource
https://docs.jmix.io/jmix/files-vulnerabilities.html cve-icon cve-icon
https://docs.jmix.io/jmix/files-vulnerabilities.html#disable-files-endpoint-in-cuba-application cve-icon cve-icon
https://github.com/cuba-platform/cuba/commit/42b6c00fd0572b8e52ae31afd1babc827a3161a1 cve-icon cve-icon
https://github.com/cuba-platform/cuba/security/advisories/GHSA-w3mp-6vrj-875g cve-icon cve-icon
https://github.com/jmix-framework/jmix/security/advisories/GHSA-f3gv-cwwh-758m cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact