CVE-2025-2813

Published Jul 31, 2025

Last updated 7 months ago

CVSS high 7.5
Port (80)

Overview

Description
An unauthenticated remote attacker can cause a Denial of Service by sending a large number of requests to the http service on port 80.
Source
info@cert.vde.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Primary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Weaknesses

info@cert.vde.com
CWE-770

Social media

Hype score
Not currently trending

  1. CVE-2025-2813 (CVSS:7.5, HIGH) is Awaiting Analysis. An unauthenticated remote attacker can cause a Denial of Service by sending a large number of requests to the http servi..https://t.co/jCacxC5Ds1 #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    5 Aug 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Related CVEs

  1. METIS DFS devices (versions <= oscore 2.1.234-r18) expose a web-based shell at the /console endpoint that does not require authentication. Accessing this endpoint allows a remote attacker to execute arbitrary operating system commands with 'daemon' privileges. This results in the compromise of the software, granting unauthorized access to modify configuration, read and alter sensitive data, or disrupt services.CVE-2026-2249
  2. Webserver crash caused by scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switch.This issue affects smartLink HW-PN: from 1.02 through 1.03 smartLink HW-DP: 1.31CVE-2025-10150
  3. Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing the network request so that a different piece of data gets downloaded. This vulnerability is fixed in 2.1.0.CVE-2025-59410
  4. TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection VulnerabilityCVE-2025-9377
  5. A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource consumption leading to denial-of-service (DoS). By opening streams and then rapidly triggering the server to reset them—using malformed frames or flow control errors—an attacker can exploit incorrect stream accounting. Streams reset by the server are considered closed at the protocol level, even though backend processing continues. This allows a client to cause the server to handle an unbounded number of concurrent streams on a single connection. This CVE will be updated as affected product details are released.CVE-2025-8671

References

Sources include official advisories and independent security research.