How severe is CVE-2025-25069?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2025-25069?

This is classified as CWE-115, which is a common weakness in software security.

CVE-2025-25069 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a valid RESP request and trigger some database operations, which can be dangerous when it is chained with SSRF. It is similiar to CVE-2016-10517 in Redis. This issue affects Apache Kvrocks: from the initial version to the latest version 2.11.0. Users are recommended to upgrade to version 2.11.1, which fixes the issue.

Related Vulnerabilities

CVE-2022-1233

MEDIUM

CVSS:6.5(Medium)

URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11.

CWE-1152022

CVE-2022-21672

MEDIUM

CVSS:6.5(Medium)

make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers. Starting with version 0.9 and prior to version 1.10, make-ca misinterprets Mozilla certdata.txt an...

CWE-1152022

CVE-2023-32260

MEDIUM

CVSS:6.5(Medium)

Misinterpretation of Input vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX), and OpenText™ Hybrid Cloud Management X (HCMX) products. The vulnerabi...

CWE-1152023

CVE-2024-12388

MEDIUM

CVSS:6.5(Medium)

A vulnerability in binary-husky/gpt_academic version 310122f allows for a Regular Expression Denial of Service (ReDoS) attack. The application uses a regular expression to parse user input, which can ...

CWE-1152024

CVE-2020-29509

MEDIUM

CVSS:5.6(Medium)

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that b...

CWE-1152020

CVE-2020-29510

MEDIUM

CVSS:5.6(Medium)

The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave i...

CWE-1152020