CVE-2025-3986

MEDIUM

Apereo CAS 5.2.6 - Inefficient Regular Expression Complexity

Description

A vulnerability was found in Apereo CAS 5.2.6 and has been classified as problematic. It affects unknown code in the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. Manipulation of the argument Name leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Scores

CVSS v3 4.3
EPSS 0.0059
EPSS Percentile 69.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-1333, CWE-400
Status published
Products (2)
apereo/central_authentication_service 5.2.6
org.apereo.cas/cas-server-core-configuration-metadata-repository 0 Maven
Published Apr 27, 2025
Tracked Since Feb 18, 2026