How severe is CVE-2025-3985?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 2.7 out of 10.

What type of vulnerability is CVE-2025-3985?

This is classified as CWE-400, which is a common weakness in software security.

CVE-2025-3985

MEDIUM Year: 2025

CVSS v3 Score

2.7

Low

CVSS v2 Score

3.3

Low

Weakness Type

CWE-400

View all →

Vulnerability Description

A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The manipulation of the argument Query leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2021-21296

LOW

CVSS:2.7(Low)

Fleet is an open source osquery manager. In Fleet before version 3.7.0 a malicious actor with a valid node key can send a badly formatted request that causes the Fleet server to exit, resulting in den...

CWE-4002021

CVE-2022-41969

LOW

CVSS:2.7(Low)

Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator ca...

CWE-4002022

CVE-2023-28440

LOW

CVSS:2.7(Low)

Discourse is an open source platform for community discussion. In affected versions a maliciously crafted request from a Discourse administrator can lead to a long-running request and eventual timeout...

CWE-4002023

CVE-2023-37900

LOW

CVSS:2.7(Low)

Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, a high-privileged user could create a Package referen...

CWE-4002023

CVE-2024-23824

LOW

CVSS:2.7(Low)

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to pixel flood attack, once the payload has been successfully uploaded in t...

CWE-4002024

CVE-2025-30681

LOW

CVSS:2.7(Low)

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulne...

CWE-4002025

CVE-2025-3985

Vulnerability Description

Related Vulnerabilities

CVE-2021-21296

CVE-2022-41969

CVE-2023-28440

CVE-2023-37900

CVE-2024-23824

CVE-2025-30681