CVE-2025-43880
MEDIUMGROWI < 7.1.6 - Authenticated Denial of Service via Inefficient Regular Expression
Title source: llmDescription
Inefficient regular expression complexity issue exists in GROWI prior to v7.1.6. If exploited, a logged-in user may cause a denial of service (DoS) condition.
References (2)
Core 2
Core References
Third Party Advisory
https://jvn.jp/en/jp/JVN21624250/
Issue Tracking
https://github.com/weseek/growi/pull/9487
Scores
CVSS v3
4.3
EPSS
0.0027
EPSS Percentile
18.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-1333
Status
published
Products (1)
GROWI, Inc./GROWI
prior to v7.1.6
Published
Jun 25, 2025
Tracked Since
Feb 18, 2026