{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2025-67899", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2025-12-14T22:17:41.925Z", "datePublished": "2025-12-14T22:17:42.217Z", "dateUpdated": "2025-12-15T23:04:11.694Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "uriparser", "vendor": "uriparser project", "versions": [{"lessThanOrEqual": "0.9.9", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-674", "description": "CWE-674 Uncontrolled Recursion", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-12-14T22:21:22.895Z"}, "references": [{"url": "https://github.com/uriparser/uriparser/issues/282"}, {"url": "https://github.com/uriparser/uriparser/pull/284"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:uriparser_project:uriparser:*:*:*:*:*:*:*:*", "versionEndIncluding": "0.9.9"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-15T16:21:16.378389Z", "id": "CVE-2025-67899", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-15T16:21:23.586Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/12/15/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-12-15T23:04:11.694Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/12/15/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-12-15T23:04:11.694Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-67899", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-15T16:21:16.378389Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-15T16:21:19.068Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.9, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "uriparser project", "product": "uriparser", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "0.9.9"}], "defaultStatus": "unknown"}], "references": [{"url": "https://github.com/uriparser/uriparser/issues/282"}, {"url": "https://github.com/uriparser/uriparser/pull/284"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-674", "description": "CWE-674 Uncontrolled Recursion"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:uriparser_project:uriparser:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "0.9.9"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-12-14T22:21:22.895Z"}}}, "cveMetadata": {"cveId": "CVE-2025-67899", "state": "PUBLISHED", "dateUpdated": "2025-12-15T23:04:11.694Z", "dateReserved": "2025-12-14T22:17:41.925Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-12-14T22:17:42.217Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas."}], "id": "CVE-2025-67899", "lastModified": "2025-12-15T23:15:57.293", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 1.4, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2025-12-14T23:15:37.033", "references": [{"source": "cve@mitre.org", "url": "https://github.com/uriparser/uriparser/issues/282"}, {"source": "cve@mitre.org", "url": "https://github.com/uriparser/uriparser/pull/284"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2025/12/15/1"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-674"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{"bugzilla": {"description": "uriparser: uriparser: Unbounded recursion and stack consumption via large input", "id": "2422120", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422120"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.9", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-674", "details": ["uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.", "A flaw was found in uriparser. This vulnerability allows unbounded recursion and stack consumption via large input containing many commas."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2025-67899", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "uriparser", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Fix deferred", "package_name": "uriparser", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}], "public_date": "2025-12-14T22:17:42Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-67899\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-67899\nhttps://github.com/uriparser/uriparser/issues/282\nhttps://github.com/uriparser/uriparser/pull/284"], "statement": "This vulnerability is rated Low for Red Hat because it requires local access and a specially crafted URI to trigger unbounded recursion, leading to stack consumption. The attack complexity is high, limiting its practical impact in most Red Hat deployments.", "threat_severity": "Low"}