CVE-2025-61301

HIGH

CAPEv2 - Denial of Service via Oversized Behavior Data

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-61301. PoCs published by adminlove520, eGkritsis.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2025-61301, a denial-of-analysis vulnerability in CAPEv2. It explains the root cause, impact, and exploitation mechanism, including MongoDB BSON limits and orjson recursion errors.

Description

Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 (commit 52e4b43, on 2025-05-17) allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply nested or oversized behavior data that trigger MongoDB BSON limits or orjson recursion errors when the sample executes in the sandbox.

Exploits (2)

github WRITEUP 2 stars
by adminlove520 · python · poc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2025/CVE-2025-61301

This repository provides a detailed technical analysis of CVE-2025-61301, a denial-of-analysis vulnerability in CAPEv2. It explains the root cause, impact, and exploitation mechanism, including MongoDB BSON limits and orjson recursion errors.

Classification: Writeup 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: CAPEv2 (commit 52e4b43)
No auth needed
Prerequisites: ability to submit samples to CAPEv2 · CAPEv2 configured with default MongoDB and orjson limits
devstral-2 · analyzed Feb 27, 2026

nomisec WORKING POC 2 stars
by eGkritsis · poc
https://github.com/eGkritsis/CVE-2025-61301

This PoC demonstrates a denial-of-analysis vulnerability in CAPEv2 by spawning 5,000 processes and performing multi-round XOR decryption, causing MongoDB BSON limits and orjson recursion errors. It results in incomplete or missing behavioral analysis reports.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: CAPEv2 (commit 52e4b43)
No auth needed
Prerequisites: ability to submit samples to CAPEv2 sandbox · CAPEv2 configured with default MongoDB and orjson limits
devstral-2 · analyzed Feb 16, 2026

References (3)

Various Sources
http://capev2.com

Scores

CVSS v3 7.5
EPSS 0.0036
EPSS Percentile 27.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE CWE-400
Status published
Published Oct 20, 2025
Tracked Since Feb 18, 2026