VDB
CVE-2025-1695
CVE-2025-1695
PUBLISHED
CVSS 6.900000095367432 MEDIUM
In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service (DoS). There is no control plane exposure; this is a data plane issue only. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
EPSS 0.27% · 51.1th percentile
Risk Scores
CVSS v4.0
6.900000095367432
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS Score
0.27%
51.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | NGINX Unit | 1.11.0, * |
| f5 | nginx_unit | 1.29.1 |
Timeline
- Feb 25, 2025 CVE ID Reserved
- Mar 4, 2025 EPSS Score
- Mar 4, 2025 Coalition ESS Score
- Mar 4, 2025 CVE Published
- Mar 4, 2025 PoC Published
- Mar 4, 2025 CVE Updated
- Mar 14, 2025 Coalition ESS Score
- Mar 18, 2025 EPSS Score
- Apr 1, 2025 EPSS Score
- Apr 14, 2025 EPSS Score
- Apr 28, 2025 EPSS Score
- May 12, 2025 EPSS Score
References
- https://my.f5.com/manage/s/article/K000149959 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-1695 advisory