CVE-2025-30160: Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form
A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DOS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. This leads to excessive memory consumption and potential system instability, which can be exploited to disrupt Redlib instances. This vulnerability was introduced in 2e95e1fc6e2064ccfae87964b4860bda55eddb9a and fixed in 15147cea8e42f6569a11603d661d71122f6a02dc.
References
- github.com/advisories/GHSA-g8vq-v3mg-7mrg
- github.com/crewjam/saml/security/advisories/GHSA-5mqj-xc49-246p
- github.com/redlib-org/redlib
- github.com/redlib-org/redlib/commit/15147cea8e42f6569a11603d661d71122f6a02dc
- github.com/redlib-org/redlib/commit/2e95e1fc6e2064ccfae87964b4860bda55eddb9a
- github.com/redlib-org/redlib/security/advisories/GHSA-g8vq-v3mg-7mrg
- nvd.nist.gov/vuln/detail/CVE-2025-30160
Code Behaviors & Features
Detect and mitigate CVE-2025-30160 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →