CVE-2025-32952

Source
https://cve.org/CVERecord?id=CVE-2025-32952
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32952.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-32952
Aliases
Published
2025-04-22T17:32:11.966Z
Modified
2026-04-12T16:10:17.869134Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
io.jmix.localfs:jmix-localfs affected by DoS in the Local File Storage
Details

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run out of space and return HTTP 500 error, resulting in a denial of service. This issue has been patched in versions 1.6.2 and 2.4.0. A workaround is provided on the Jmix documentation website.

Database specific
{
    "cwe_ids": [
        "CWE-770"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/32xxx/CVE-2025-32952.json"
}
References

Affected packages

Git
github.com/cuba-platform/cuba

Affected ranges

Type
GIT
Repo
https://github.com/cuba-platform/cuba
Events
Database specific
{
    "versions": [
        {
            "introduced": "6.2.0"
        },
        {
            "fixed": "7.2.23"
        }
    ]
}

Database specific

vanir_signatures
[
    {
        "id": "CVE-2025-32952-03606b61",
        "target": {
            "function": "saveStream",
            "file": "modules/core/src/com/haulmont/cuba/core/app/filestorage/FileStorage.java"
        },
        "signature_version": "v1",
        "source": "https://github.com/cuba-platform/cuba/commit/42b6c00fd0572b8e52ae31afd1babc827a3161a1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "154094281552645561377766846870311210537",
            "length": 1480.0
        },
        "deprecated": false
    },
    {
        "id": "CVE-2025-32952-9bf1e190",
        "target": {
            "file": "modules/core/src/com/haulmont/cuba/core/app/ServerConfig.java"
        },
        "signature_version": "v1",
        "source": "https://github.com/cuba-platform/cuba/commit/42b6c00fd0572b8e52ae31afd1babc827a3161a1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "85516700792758930825590373984692801643",
                "110038988501292467352891284695743981511",
                "240740207134093667813046071575955070107",
                "190201739922301247280384152234658188356",
                "153953561482474271954095220872426115230",
                "318283804821084998643334262971990067035",
                "93889483484373201680576286636251137988",
                "160878521615346697613443191163184051177",
                "79937744922200117699829157182311109448",
                "55085444238556529549131815020773098873",
                "260700480681005811560909012912728624057",
                "265000308277612675308238222873266213696",
                "76127233378353261750961425865708810780"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "id": "CVE-2025-32952-a91835e8",
        "target": {
            "file": "modules/core/src/com/haulmont/cuba/core/app/filestorage/FileStorage.java"
        },
        "signature_version": "v1",
        "source": "https://github.com/cuba-platform/cuba/commit/42b6c00fd0572b8e52ae31afd1babc827a3161a1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "105377438641820252801035230913176238884",
                "109320632837622641046056041512613162667",
                "20925278502916451922664718368765028707",
                "201169683846923176807712341669348993805",
                "113851231452732460528306130170237831865",
                "142781833362797574576531627533472138945",
                "282438525334130075113529403023544374302",
                "176189880099362834086192505201080294328"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32952.json"
vanir_signatures_modified
"2026-04-12T16:10:17Z"
github.com/cuba-platform/restapi

Affected ranges

Type
GIT
Repo
https://github.com/cuba-platform/restapi
Events
Database specific
{
    "versions": [
        {
            "introduced": "7.1.1"
        },
        {
            "fixed": "7.2.7"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32952.json"
github.com/jmix-framework/jmix

Affected ranges

Type
GIT
Repo
https://github.com/jmix-framework/jmix
Events
Database specific
{
    "versions": [
        {
            "introduced": "1.0.0"
        },
        {
            "fixed": "1.6.2"
        }
    ]
}
Type
GIT
Repo
https://github.com/jmix-framework/jmix
Events
Database specific
{
    "versions": [
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.4.0"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-32952.json"