CVE-2025-27911
MEDIUMDatalust Seq < 2024.3.13545 - Denial of Service via Message Template Identifier Expansion
Title source: llmDescription
An issue was discovered in Datalust Seq before 2024.3.13545. Expansion of identifiers in message templates can be used to bypass the system "Event body limit bytes" setting, leading to increased resource consumption. With sufficiently large events, there can be disk space exhaustion (if saved to disk) or a termination of the server process with an out-of-memory error.
References (2)
Core 2
Core References
Product
https://datalust.co/seq
Issue Tracking, Vendor Advisory
https://github.com/datalust/seq-tickets/issues/2365
Scores
CVSS v3
6.5
EPSS
0.0039
EPSS Percentile
31.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-770
Status
published
Products (1)
datalust/seq
< 2024.3.13545
Published
Mar 11, 2025
Tracked Since
Feb 18, 2026