CVE-2025-32959: Cuba has a DoS in the File Storage
(updated )
The local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service.
The severity of the vulnerability is mitigated by the fact that the application UI and the generic REST API are typically accessible only to authenticated users.
References
- docs.jmix.io/jmix/files-vulnerabilities.html
- docs.jmix.io/jmix/files-vulnerabilities.html
- github.com/advisories/GHSA-w3mp-6vrj-875g
- github.com/cuba-platform/cuba
- github.com/cuba-platform/cuba/commit/42b6c00fd0572b8e52ae31afd1babc827a3161a1
- github.com/cuba-platform/cuba/security/advisories/GHSA-w3mp-6vrj-875g
- github.com/jmix-framework/jmix/security/advisories/GHSA-f3gv-cwwh-758m
- nvd.nist.gov/vuln/detail/CVE-2025-32959
Code Behaviors & Features
Detect and mitigate CVE-2025-32959 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →