CVE-2025-53634 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-53634 PUBLISHED CVSS 8.699999809265137 HIGH

Chall-Manager is a platform-agnostic system able to start Challenges on Demand of a player. The HTTP Gateway processes headers, but with no timeout set. With a slow loris attack, an attacker could cause Denial of Service (DoS). Exploitation does not require authentication nor authorization, so anyone can exploit it. It should nonetheless not be exploitable as it is highly recommended to bury Chall-Manager deep within the infrastructure due to its large capabilities, so no users could reach the system. Patch has been implemented by commit 1385bd8 and shipped in v0.1.4.

EPSS 0.17% · 37.8th percentile

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.17%

37.8th percentile

Affected Products

Vendor	Product	Versions
github.com	ctfer-io/chall-manager	0
ctfer-io	chall-manager	< 0.1.4, 0

Timeline

Jan 21, 1970 Security Advisory
Jul 10, 2025 CVE Published
Jul 10, 2025 Coalition ESS Score
Jul 11, 2025 EPSS Score
Jul 15, 2025 Coalition ESS Score
Jul 20, 2025 EPSS Score
Jul 29, 2025 EPSS Score
Aug 7, 2025 EPSS Score
Aug 14, 2025 CVE Updated
Aug 14, 2025 Coalition ESS Score
Aug 15, 2025 EPSS Score
Aug 22, 2025 Coalition ESS Score

References

Open in Interactive Console →