Regular Expression Denial of Service Vulnerability in PowSyBl Framework
CVE-2025-48059

2.7LOW

Key Information:

Vendor

Powsybl

Status
Powsybl-core
Vendor
CVE Published:
20 June 2025

What is CVE-2025-48059?

The PowSyBl framework, specifically within the RegexCriterion class, is susceptible to a regular expression denial of service (ReDoS) due to its handling of unvalidated user-supplied regular expressions. This vulnerability can lead to excessive CPU consumption when the regular expressions are evaluated, particularly during operations on large network models. Attackers could exploit this by repeatedly triggering recursive processing of filters, resulting in severe performance degradation. Users are advised to upgrade to the patched versions available in com.powsybl:powsybl-iidm-criteria 6.7.2 to mitigate this risk.

Affected Version(s)

powsybl-core >= 6.3.0, < 6.7.2 < 6.3.0, 6.7.2

powsybl-core >= 5.0.0, < 6.3.0 < 5.0.0, 6.3.0

References

https://github.com/powsybl/powsybl-core/security/advisori...
x_refsource_CONFIRM
https://github.com/powsybl/powsybl-core/commit/d8398f689a...
x_refsource_MISC
https://github.com/powsybl/powsybl-core/releases/tag/v6.7.2
x_refsource_MISC

CVSS V4

Score:
2.7
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.