Malicious or unintentional API requests can be used to add significant amount of data to caches. Caches may evict information that is required to operate the web frontend, which leads to unavailability of the component. Please deploy the provided updates and patch releases. No publicly available exploits are known
PUBLISHED5.2CWE-400
Problem type
Affected products
Open-Xchange GmbH
OX App Suite
<= 2.1.7 - AFFECTED
References
GitHub Security Advisories
GHSA-rhr5-9wg9-p26f
Malicious or unintentional API requests can be used to add significant amount of data to caches....
https://github.com/advisories/GHSA-rhr5-9wg9-p26fMalicious or unintentional API requests can be used to add significant amount of data to caches. Caches may evict information that is required to operate the web frontend, which leads to unavailability of the component. Please deploy the provided updates and patch releases. No publicly available exploits are known
JSON source
Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2025-30188",
"assignerOrgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"assignerShortName": "OX",
"dateUpdated": "2025-10-31T18:10:29.713Z",
"dateReserved": "2025-03-18T08:39:46.884Z",
"datePublished": "2025-10-31T08:54:41.426Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "8ce71d90-2354-404b-a86e-bec2cc4e6981",
"shortName": "OX",
"dateUpdated": "2025-10-31T08:54:41.426Z"
},
"descriptions": [
{
"lang": "en",
"value": "Malicious or unintentional API requests can be used to add significant amount of data to caches. Caches may evict information that is required to operate the web frontend, which leads to unavailability of the component. Please deploy the provided updates and patch releases. No publicly available exploits are known"
}
],
"affected": [
{
"vendor": "Open-Xchange GmbH",
"product": "OX App Suite",
"modules": [
"ui middleware"
],
"defaultStatus": "unaffected",
"versions": [
{
"version": "0",
"status": "affected",
"versionType": "semver",
"lessThanOrEqual": "2.1.7"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "Uncontrolled Resource Consumption",
"cweId": "CWE-400",
"type": "cwe"
}
]
}
],
"references": [
{
"url": "https://documentation.open-xchange.com/appsuite/security/advisories/csaf/2025/oxas-adv-2025-0002.json",
"tags": [
"vendor-advisory"
]
}
],
"metrics": [
{
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
],
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
}
]
},
"adp": [
{
"providerMetadata": {
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP",
"dateUpdated": "2025-10-31T18:10:29.713Z"
},
"title": "CISA ADP Vulnrichment",
"metrics": [
{}
]
}
]
}
}