Denial of Service Vulnerability in GROWI by Weseek
CVE-2025-43880

5.3MEDIUM

Key Information:

Vendor: Growi, Inc.
Status: Growi
Vendor: CVE Published:; 25 June 2025

🔔 Create Growi, Inc. Vulnerability Alert

What is CVE-2025-43880?

An inefficient regular expression complexity issue has been identified in GROWI, which allows a logged-in user to potentially trigger a denial of service (DoS) condition. This vulnerability affects versions prior to 7.1.6 and could lead to system instability if exploited. Users are advised to update to the latest version to mitigate this risk. For further details, refer to the relevant patch and announcements provided by Weseek.

Affected Version(s)

GROWI prior to v7.1.6

References

https://github.com/weseek/growi/pull/9487

https://jvn.jp/en/jp/JVN21624250/

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2025
Vulnerability Reserved
Jun 13, 2025