Denial of Service Vulnerability in Bugsink by Bugsink Inc.
CVE-2025-64509

7.5HIGH

Key Information:

Vendor

Bugsink

Status
Bugsink
Vendor
CVE Published:
10 November 2025

What is CVE-2025-64509?

In Bugsink, a self-hosted error tracking tool, versions prior to 2.0.6 are susceptible to a vulnerability that allows an attacker to exploit a specially crafted Brotli-compressed envelope. This exploitation can lead to significant CPU exhaustion during the decompression process, resulting in a denial of service. The vulnerability arises when the Data Source Name (DSN) is known, a common scenario in various deployments such as JavaScript and mobile applications. The issue has been resolved in Bugsink version 2.0.6, although it shares similarities with another Brotli-related vulnerability in the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

bugsink < 2.0.6

References

https://github.com/bugsink/bugsink/security/advisories/GH...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.