Denial of Service Vulnerability in Outsystems Platform Server by Outsystems
CVE-2025-61258

7.5HIGH

Key Information:

Vendor: Outsystems
Status: Outsystems Platform Server
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-61258?

A vulnerability in Outsystems Platform Server 11.18.1.37828 allows attackers to exploit mismatches between the content-length and the actual body length of HTTP requests. By sending specially crafted requests, attackers can trigger a denial of service, leading to service interruptions. Organizations using this version should implement immediate security measures to mitigate potential disruptions.

References

https://www.outsystems.com/

https://balwurk.com/

https://balwurk.github.io/CVE-2025-61258/

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Sep 26, 2025

CVE-2025-61258 Data

JSON