- Description
- A vulnerability in Apache Fory allows a remote attacker to cause a Denial of Service (DoS). The issue stems from the insecure deserialization of untrusted data. An attacker can supply a large, specially crafted data payload that, when processed, consumes an excessive amount of CPU resources during the deserialization process. This leads to CPU exhaustion, rendering the application or system using the Apache Fory library unresponsive and unavailable to legitimate users. Users of Apache Fory are strongly advised to upgrade to version 0.12.2 or later to mitigate this vulnerability. Developers of libraries and applications that depend on Apache Fory should update their dependency requirements to Apache Fory 0.12.2 or later and release new versions of their software.
- Source
- security@apache.org
- NVD status
- Analyzed
- Products
- fory
CVSS 3.1
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Severity
- MEDIUM
- security@apache.org
- CWE-502
- Hype score
- Not currently trending
CVE-2025-59328 A vulnerability in Apache Fory allows a remote attacker to cause a Denial of Service (DoS). The issue stems from the insecure deserialization of untrusted data. An at… https://t.co/DTcYXgS0PM
@CVEnew
20 Sept 2025
409 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-59328: Apache Fory: Denial of Service (DoS) due to Deserialization of Untrusted malicious large Data https://t.co/y9WtVIWr1B consumes an excessive amount of CPU resources during the deserialization
@oss_security
17 Sept 2025
210 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:fory:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51D43D16-0069-42AE-9D0D-8D692D869AD2",
"versionEndExcluding": "0.12.2",
"versionStartIncluding": "0.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]