CVE-2025-68480

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-68480
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68480.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-68480
Aliases
Downstream
Related
Published
2025-12-22T21:20:15.958Z
Modified
2025-12-25T03:42:39.248930Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
Marshmallow has DoS in Schema.load(many)
Details

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.load(data, many=True) is vulnerable to denial of service attacks. A moderately sized request can consume a disproportionate amount of CPU time. This issue has been patched in version 3.26.2 and 4.1.2.

Database specific 
{
    "cwe_ids": [
        "CWE-405"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68480.json"
}
References

Affected packages

Git / github.com/marshmallow-code/marshmallow

Affected ranges

Type
GIT
Repo
https://github.com/marshmallow-code/marshmallow
Events
Introduced
55932fa4e4ba7496f424ed2942d7963051030699
Fixed
1407d5102ae020421ddc8425474e976325a9539e
Database specific 
{
    "versions": [
        {
            "introduced": "3.0.0rc1"
        },
        {
            "fixed": "3.26.2"
        }
    ]
}
Type
GIT
Repo
https://github.com/marshmallow-code/marshmallow
Events
Introduced
84b15960272c16525c945ae99749e505310612a9
Fixed
692e79df9cb03458c0bd215b32ef83d92afb9a47
Database specific 
{
    "versions": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.1.2"
        }
    ]
}

Affected versions

2.*

2.17.0
2.18.0
2.18.1
2.19.0
2.19.1
2.19.2
2.19.3
2.19.4
2.19.5
2.20.0
2.20.1
2.20.2
2.20.3
2.20.4
2.20.5
2.21.0

3.*

3.0.0
3.0.0rc1
3.0.0rc2
3.0.0rc3
3.0.0rc4
3.0.0rc5
3.0.0rc6
3.0.0rc7
3.0.0rc8
3.0.0rc9
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.1.0
3.1.1
3.10.0
3.11.0
3.11.1
3.12.0
3.12.1
3.12.2
3.13.0
3.14.0
3.14.1
3.15.0
3.16.0
3.17.0
3.17.1
3.18.0
3.19.0
3.2.0
3.2.1
3.2.2
3.20.0
3.20.1
3.20.2
3.21.0
3.21.1
3.21.2
3.21.3
3.22.0
3.23.0
3.23.1
3.23.2
3.23.3
3.24.0
3.24.1
3.24.2
3.25.0
3.25.1
3.26.0
3.26.1
3.3.0
3.4.0
3.5.0
3.5.1
3.5.2
3.6.0
3.6.1
3.7.0
3.7.1
3.8.0
3.9.0
3.9.1

4.*

4.0.0
4.0.1
4.1.0
4.1.1