CVE-2025-1695
MEDIUMNGINX Unit 1.29.1-1.34.1 - Denial of Service via Java Language Module Infinite Loop
Title source: llmDescription
In NGINX Unit before version 1.34.2 with the Java Language Module in use, undisclosed requests can lead to an infinite loop and cause an increase in CPU resource utilization. This vulnerability allows a remote attacker to cause a degradation that can lead to a limited denial-of-service (DoS). There is no control plane exposure; this is a data plane issue only. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://my.f5.com/manage/s/article/K000149959
Scores
CVSS v3
5.3
EPSS
0.0055
EPSS Percentile
41.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-835
Status
published
Products (1)
f5/nginx_unit
1.29.1 - 1.34.2
Published
Mar 04, 2025
Tracked Since
Feb 18, 2026