CVE-2025-8396 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-8396 PUBLISHED CVSS 6.900000095367432 MEDIUM

Insufficiently specific bounds checking on authorization header could lead to denial of service in the Temporal server on all platforms due to excessive memory allocation.This issue affects all platforms and versions of OSS Server prior to 1.26.3, 1.27.3, and 1.28.1 (i.e., fixed in 1.26.3, 1.27.3, and 1.28.1 and later). Temporal Cloud services are not impacted.

EPSS 0.11% · 30.0th percentile

Risk Scores

CVSS v4.0

6.900000095367432

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/S:N/AU:Y

EPSS Score

0.11%

30.0th percentile

Affected Products

Vendor	Product	Versions
Temporal	OSS Server	0, 1.27.0, 1.28.0
go.temporal.io	server	0, 1.27.0-126.0, 1.28.0-129.0

Timeline

Sep 15, 2025 CVE Published
Sep 16, 2025 EPSS Score
Sep 23, 2025 EPSS Score
Sep 29, 2025 EPSS Score
Oct 6, 2025 EPSS Score
Oct 12, 2025 EPSS Score
Oct 19, 2025 EPSS Score
Oct 25, 2025 EPSS Score
Nov 1, 2025 EPSS Score
Nov 7, 2025 EPSS Score
Nov 10, 2025 CVE Updated
Nov 14, 2025 EPSS Score

References

Open in Interactive Console →