Vulnerabilities

CVE-2025-6998

by Fred · 24/07/2025

ReDoS in strip_whitespaces() function in cps/string_helper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1.

Assigner : help@fluidattacks.com

More information : https://fluidattacks.com/advisories/megadeth

Similar

Tags: Cybersecurity Alert