CVE-2025-5031 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-5031 PUBLISHED CVSS 2.299999952316284 LOW

A vulnerability was found in Ackites KillWxapkg up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the component wxapkg File Decompression Handler. The manipulation leads to resource consumption. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.

EPSS 0.32% · 54.7th percentile

Risk Scores

CVSS v4.0

2.299999952316284

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS Score

0.32%

54.7th percentile

Affected Products

Vendor	Product	Versions
github.com	Ackites/KillWxapkg	0, 0
Ackites	KillWxapkg	2.4.0, 2.4.1, 2.4.0

Timeline

May 21, 2025 CVE Published
May 21, 2025 PoC Published
May 22, 2025 EPSS Score
May 27, 2025 Coalition ESS Score
Jun 2, 2025 EPSS Score
Jun 12, 2025 EPSS Score
Jun 20, 2025 Coalition ESS Score
Jun 23, 2025 EPSS Score
Jul 3, 2025 EPSS Score
Jul 14, 2025 EPSS Score
Jul 25, 2025 EPSS Score
Aug 4, 2025 EPSS Score

References

VDB-309851 | Ackites KillWxapkg wxapkg File Decompression resource consumption vdb
VDB-309851 | CTI Indicators (IOB, IOC, TTP) url
Submit #580524 | KillWxapkg v2.4.1 Denial of Service third-party-advisory
https://github.com/Ackites/KillWxapkg/issues/86 issue
https://github.com/Ackites/KillWxapkg/issues/86#issue-3053628148 exploit
https://nvd.nist.gov/vuln/detail/CVE-2025-5031 advisory
https://github.com/Ackites/KillWxapkg package

Open in Interactive Console →