Security Advisory

CVE-2025-6998

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-07-24 19:39:17

Last updated 2025-07-25 13:17:33

Assigner Fluid Attacks

State PUBLISHED

Description

ReDoS in strip_whitespaces() function in cps/string_helper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1.

← Browse all CVEs View on cve.org ↗