CVE-2025-61301

HIGH

CAPEv2 - DoS

Description

Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 (commit 52e4b43, on 2025-05-17) allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports. When the sample executes in the sandbox, it generates deeply nested or oversized behavior data that trigger MongoDB BSON limits or orjson recursion errors.

Exploits (2)

github WRITEUP 2 stars
by adminlove520 · pythonpoc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-61301

nomisec WORKING POC 2 stars
by eGkritsis · poc
https://github.com/eGkritsis/CVE-2025-61301

Scores

CVSS v3 7.5
EPSS 0.0005
EPSS Percentile 16.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE CWE-400
Status published
Published Oct 20, 2025
Tracked Since Feb 18, 2026