CVE-2025-6998 Information

Description

ReDoS in the strip_whitespaces() function in cps/string_helper.py in janeczku Calibre Web 0.6.24 (Nicolette) allows unauthenticated remote attackers to cause a denial of service via a specially crafted username parameter that triggers catastrophic backtracking during login.

ReDoS in the strip_whitespaces() function in cps/string_helper.py in gelbphoenix Autocaliweb 0.7.0 allows unauthenticated remote attackers to cause a denial of service via a specially crafted username parameter that triggers catastrophic backtracking during login.

Reference

https://fluidattacks.com/advisories/megadeth
https://github.com/gelbphoenix/autocaliweb
https://github.com/janeczku/calibre-web

CNNVD-202507-3115 (Published: 2025-07-24)
