

Severity
Medium
Analysis Summary
CVE-2025-26413 CVSS:5.3
Apache Kvrocks is vulnerable to a denial of service because the SETRANGE command fails to check that the 'offset' input is a positive integer. The input is used as an index into a string, and when that index is out of range, a remote attacker could cause the server to crash.
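The missing check described for CVE-2025-26413, shown as an added example (not Apache Kvrocks source code): the client-supplied offset is parsed strictly and rejected when negative or too large before it is ever used as a string index. The function names, status enum and the 512 MB size cap are assumptions made for this illustration.

```cpp
// Added illustration of SETRANGE-style offset validation; not Apache Kvrocks source.
#include <cstddef>
#include <cstdint>
#include <string>

enum class SetRangeStatus { kOk, kNotInteger, kOutOfRange };

// Assumed upper bound on a stored value (hypothetical, chosen for this example).
constexpr std::int64_t kMaxValueSize = 512LL * 1024 * 1024;

// Strictly parse the client-supplied offset: decimal digits only, optional
// leading '-', no trailing bytes. Accumulation saturates just above the cap,
// so an arbitrarily long digit string cannot overflow the integer.
SetRangeStatus ParseOffset(const std::string& arg, std::int64_t* out) {
  const bool negative = !arg.empty() && arg[0] == '-';
  std::size_t i = negative ? 1 : 0;
  if (i == arg.size()) return SetRangeStatus::kNotInteger;  // "" or "-"
  std::int64_t v = 0;
  for (; i < arg.size(); ++i) {
    if (arg[i] < '0' || arg[i] > '9') return SetRangeStatus::kNotInteger;
    if (v <= kMaxValueSize) v = v * 10 + (arg[i] - '0');
  }
  // The check the advisory says was missing: a negative offset must never
  // reach the string-indexing code.
  if (negative || v > kMaxValueSize) return SetRangeStatus::kOutOfRange;
  *out = v;
  return SetRangeStatus::kOk;
}

// Overwrite part of *value starting at the validated offset, zero-padding the
// gap when the offset lies past the current end (standard SETRANGE semantics).
SetRangeStatus SetRange(std::string* value, const std::string& offset_arg,
                        const std::string& data) {
  std::int64_t offset = 0;
  SetRangeStatus st = ParseOffset(offset_arg, &offset);
  if (st != SetRangeStatus::kOk) return st;
  if (static_cast<std::int64_t>(data.size()) > kMaxValueSize - offset)
    return SetRangeStatus::kOutOfRange;  // resulting value would exceed the cap
  if (data.empty()) return SetRangeStatus::kOk;  // nothing to write
  std::size_t start = static_cast<std::size_t>(offset);
  if (value->size() < start + data.size()) value->resize(start + data.size(), '\0');
  value->replace(start, data.size(), data);
  return SetRangeStatus::kOk;
}

int main() {
  std::string v = "Hello World";  // constructed sample value
  return SetRange(&v, "-1", "x") == SetRangeStatus::kOutOfRange ? 0 : 1;
}
```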
CVE-2025-27820 CVSS:7.5
Apache HttpClient could allow a remote attacker to bypass cookie management and host name verification, caused by a flaw in the PSL (Public Suffix List) validation logic.
Impact
- Denial of Service
- Security Bypass
Indicators of Compromise
CVE
- CVE-2025-26413
- CVE-2025-27820
Affected Vendors
Affected Products
- Apache Kvrocks - 2.11.1
- Apache HttpClient - 5.4.0, 5.4.1, 5.4.2
Remediation
Upgrade to the latest version, available from the Apache Website.