CNNVD-202509-2701 Information
CNNVD ID
CNNVD-202509-2701
Related CVE
- CNNVD Published: 2025-09-17
Description (Chinese)
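CISA Thorium is a highly scalable, distributed malware analysis and data generation framework from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), a government agency. CISA Thorium versions before 1.1.1 contain a security vulnerability that stems from not rate limiting requests to send account verification emails, which may allow a remote unauthenticated attacker to send unlimited messages.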
Description (English)
CISA Thorium is a highly scalable, distributed malware analysis and data generation framework from the United States Cybersecurity and Infrastructure Security Agency (CISA). Versions of CISA Thorium before 1.1.1 contain a security vulnerability caused by the lack of rate limiting on requests to send account verification emails, which could allow a remote unauthenticated attacker to send an unlimited number of messages.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Cisofy
Published
2025-09-17
Last Modified
2026-02-24
References
https://github.com/cisagov/thorium/commit/7c94a0b9bc2dc55e0c307360452f348bac06820c#diff-bf9baa11b76cd169902a976bd17a5a6ee95a4098b2d3d150ba7d8f85b7e21dc9R281-R334
https://github.com/cisagov/thorium/releases/tag/1.1.1
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-259-01.json
https://www.cve.org/CVERecord?id=CVE-2025-35432
Patch
https://github.com/cisagov/thorium/releases