CVE-2025-27911

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-27911

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

A

n issue was discovered in Datalust Seq before 2024.3.13545. Expansion of identifiers in message templates can be used to bypass the system "Event body limit bytes" setting, leading to increased resource consumption. With sufficiently large events, there can be disk space exhaustion (if saved to disk) or a termination of the server process with an out-of-memory error.

References
Link Resource
https://datalust.co/seq Product
https://github.com/datalust/seq-tickets/issues/2365 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:datalust:seq:*:*:*:*:*:*:*:*
History

10 Oct 2025, 20:25

Type Values Removed Values Added
References () https://datalust.co/seq - () https://datalust.co/seq - Product
References () https://github.com/datalust/seq-tickets/issues/2365 - () https://github.com/datalust/seq-tickets/issues/2365 - Issue Tracking, Vendor Advisory
CPE cpe:2.3:a:datalust:seq:*:*:*:*:*:*:*:*
First Time Datalust seq
Datalust

11 Mar 2025, 08:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-11 08:15

Updated : 2025-10-10 20:25

NVD link : CVE-2025-27911

Mitre link : CVE-2025-27911

CVE.ORG link : CVE-2025-27911

JSON object : View

Products Affected

datalust

CWE
CWE-770

Allocation of Resources Without Limits or Throttling