Denial of Service Vulnerability in Apereo CAS by Apereo
CVE-2025-3985
Key Information:
Badges
What is CVE-2025-3985?
A vulnerability has been identified in Apereo CAS version 5.2.6 that allows remote attackers to exploit inefficient regular expression complexity in the ResponseEntity function. This could lead to a denial of service, as the vulnerability can be triggered by manipulating query arguments. The exploit has been publicly disclosed, raising concerns for users of this version. Despite early disclosure to the vendor, no response has been received, highlighting the urgency for affected users to secure their installations.
Affected Version(s)
CAS 5.2.6
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
