CVE-2025-68272

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-68272

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68272.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-68272

Aliases

GHSA-7rqc-ff8m-7j23

Published

2026-01-01T18:08:06.947Z

Modified

2026-01-08T05:41:30.854733Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding

Details

Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint (/signalk/v1/access/requests). This causes a "JavaScript heap out of memory" error due to unbounded in-memory storage of request objects. Version 2.19.0 fixes the issue.

Database specific

{
    "cwe_ids": [
        "CWE-400",
        "CWE-770"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68272.json"
}

References

Affected packages

Git / github.com/signalk/signalk-server

Affected ranges

Type: GIT
Repo: https://github.com/signalk/signalk-server
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3037c517bb8de70c4b74b61192c57d6176731571

Affected versions

0.*

0.1.1

0.1.10

0.1.11

0.1.12

0.1.13

0.1.18

0.1.19

0.1.2

0.1.3

0.1.4

0.1.5

0.1.6

0.1.7

0.1.8

0.1.9

Other

latest

v0.*

v0.1.24

v0.1.26

v0.1.27

v0.1.28

v0.1.29

v0.1.30

v0.1.33

v1.*

v1.0.0

v1.0.0-0

v1.0.0-1

v1.0.0-2

v1.0.0-3

v1.0.0-4

v1.1.0

v1.1.1

v1.1.2

v1.10.0

v1.10.1

v1.10.2

v1.12.0

v1.13.0

v1.13.1

v1.14.0

v1.15.0

v1.16.0

v1.17.0

v1.18.0

v1.19.0

v1.19.0-beta.2

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.20.0

v1.21.0

v1.22.0

v1.23.0

v1.24.0

v1.25.0

v1.26.0

v1.27.0

v1.27.1

v1.28.0

v1.29.0

v1.3.0

v1.30.0

v1.31.0

v1.32.0

v1.32.0-beta.1

v1.32.0-beta.2

v1.32.0-beta.3

v1.33.0

v1.33.0-beta.1

v1.34.0

v1.35.0

v1.35.1

v1.35.2

v1.36.0

v1.36.0-beta.1

v1.36.0-beta.2

v1.36.0-beta.3

v1.37.0

v1.37.0-beta.1

v1.37.0-beta.3

v1.37.1

v1.37.2

v1.37.3

v1.37.4

v1.37.5

v1.37.6

v1.38.0

v1.38.1

v1.39.0

v1.4.0

v1.4.1

v1.4.2

v1.4.3

v1.40.0

v1.41.0

v1.41.0-beta.1

v1.41.0-beta.2

v1.41.0-beta.3

v1.41.0-beta.4

v1.41.1

v1.41.2

v1.41.3

v1.42.0

v1.43.0

v1.44.0

v1.45.0

v1.46.0

v1.46.1

v1.46.2

v1.46.3

v1.5.0

v1.6.0

v1.7.0

v1.7.1

v1.8.0

v1.9.0

v1.9.1

v2.*

v2.0.0

v2.0.0-beta.10

v2.0.0-beta.11

v2.0.0-beta.12

v2.0.0-beta.2

v2.0.0-beta.3

v2.0.0-beta.4

v2.0.0-beta.5

v2.0.0-beta.6

v2.0.0-beta.7

v2.0.0-beta.8

v2.0.0-beta.9

v2.1.0

v2.1.1

v2.10.0

v2.11.0

v2.12.0

v2.13.0

v2.13.0-beta.0

v2.13.0-beta.1

v2.13.0-beta.2

v2.13.0-beta.3

v2.13.1

v2.13.2

v2.13.3

v2.13.4

v2.13.5

v2.14.0

v2.14.0-beta.0

v2.14.0-beta.1

v2.14.1

v2.14.2

v2.14.3

v2.14.4

v2.15.0

v2.15.0-beta.5

v2.15.0-beta.6

v2.15.1

v2.15.2

v2.15.3

v2.16.0

v2.17.0

v2.17.1

v2.17.2

v2.18.0

v2.19.0-beta.1

v2.19.0-beta.2

v2.19.0-beta.3

v2.19.0-beta.4

v2.19.0-beta.5

v2.2.0

v2.3.0

v2.3.1

v2.4.1

v2.5.0

v2.6.0

v2.6.1

v2.6.2

v2.7.0

v2.7.1

v2.7.2

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.9.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68272.json"