CNNVD-202510-2573 Information

CNNVD ID

CNNVD-202510-2573

Related CVE

CVE-2025-61301

• CNNVD Published: 2025-10-20

Description (Chinese)

CAPE是Kevin OReilly个人开发者的一个恶意软件沙箱。 CAPE存在安全漏洞，该漏洞源于reporting/mongodb.py和reporting/jsondump.py中存在分析拒绝漏洞，攻击者可提交样本生成深度嵌套或过大的行为数据，触发MongoDB BSON限制或orjson递归错误，导致行为分析报告不完整或缺失。

Description (English)

CAPE is a malware sandbox for Kevin Oreilly’s personal developer. CAPE has a security loophole, which stems from the existence of an analytical rejection loophole in reports/mongodb.py and reporting/jsondump.py, where the assailant can submit sample-generated deep nested or excessive behavioural data that triggers the MongoDB BSON restriction or orjson ’ s regression error, resulting in incomplete or missing behavioural analysis.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-10-20

Last Modified

2026-02-24

References

https://github.com/eGkritsis/CVE-2025-61301 https://github.com/kevoreilly/CAPEv2 http://capev2.com https://access.redhat.com/security/cve/cve-2025-61301