CVE-2025-58451
Cattown is Vulnerable to Uncontrolled Resource Consumption through Inefficient Regular Expression Complexity
Description
### Overview A security review of the Cattown identified multiple weaknesses that could potentially impact its stability and security. ### Affected Versions - All versions below 1.0.2 ### Description of Vulnerabilities 1. CWE-1333: Inefficient Regular Expression Complexity The package used regular expressions with inefficient, potentially exponential worst-case complexity. This can cause excessive CPU usage due to excessive backtracking on crafted inputs, potentially leading to denial of service. 2. CWE-400: Uncontrolled Resource Consumption (Resource Exhaustion) The package was vulnerable to resource exhaustion, where processing malicious inputs could cause high CPU or memory usage, potentially leading to denial of service. ### Impact - Trigger excessive CPU consumption leading to denial of service - Cause resource exhaustion affecting service availability - Bypass protection mechanisms causing unexpected or insecure behavior ### Resolution These vulnerabilities have been fixed in version 1.0.2 of the Cattown. Users are strongly encouraged to upgrade to this version to mitigate the risks. ### Recommendations - Upgrade to Cattown version 1.0.2 or later as soon as possible. - Review and restrict input sources if untrusted inputs are processed. ### Acknowledgments The issues were proactively identified through CodeQL static analysis.
How to fix CVE-2025-58451
To remediate CVE-2025-58451, upgrade the affected package to a fixed version below.
- —upgrade to 1.0.2 or later
Is CVE-2025-58451 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.0.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |