CVE-2025-27911
CVE-2025-27911 is a medium-severity vulnerability in Datalust Seq with a CVSS 3.x base score of 6.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-770.
Key facts
- Severity: Medium (CVSS 3.x base score 6.5)
- EPSS exploit prediction: 0% (31st percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-7819
- Weakness: CWE-770
- Affected product: Datalust Seq
- Published:
- Last modified:
Description
An issue was discovered in Datalust Seq before 2024.3.13545. Expansion of identifiers in message templates can be used to bypass the system "Event body limit bytes" setting, leading to increased resource consumption. With sufficiently large events, there can be disk space exhaustion (if saved to disk) or a termination of the server process with an out-of-memory error.
Frequently asked questions
- What is CVE-2025-27911?
- An issue was discovered in Datalust Seq before 2024.3.13545. Expansion of identifiers in message templates can be used to bypass the system "Event body limit bytes" setting, leading to increased resource consumption. With sufficiently large events, there can be disk space exhaustion (if saved to disk) or a termination of the server process with an out-of-memory error.
- How severe is CVE-2025-27911?
- CVE-2025-27911 has a CVSS 3.x base score of 6.5, rated medium severity. It is exploitable over network with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
- Is CVE-2025-27911 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (31st percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2025-27911?
- CVE-2025-27911 affects Datalust Seq. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2025-27911?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2025-27911 have an EU (EUVD) identifier?
- Yes. CVE-2025-27911 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-7819.
- When was CVE-2025-27911 published?
- CVE-2025-27911 was published on 2025-03-11 and last updated on 2026-06-17.
References
Affected products (1)
- cpe:2.3:a:datalust:seq:*:*:*:*:*:*:*:*
More vulnerabilities in Datalust Seq
- CVE-2018-8096 — Critical (CVSS 9.8): Datalust Seq before 4.2.605 is vulnerable to Authentication Bypass (with the attacker obtaining admin access) via…
- CVE-2024-29866 — Critical (CVSS 9.1): Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect Access Control because a Project Owner or…
- CVE-2025-27912 — High (CVSS 8.8): An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1)…
- CVE-2021-41329 — Medium (CVSS 6.5): Datalust Seq before 2021.2.6259 allows users (with view filters applied to their accounts) to see query results not…
- CVE-2024-58102 — Medium (CVSS 5.7): An issue was discovered in Datalust Seq before 2024.3.13545. An insecure default parsing depth limit allows stack…
- CVE-2023-38195 — Medium (CVSS 4.9): Datalust Seq before 2023.2.9489 allows insertion of sensitive information into an externally accessible file or…
All CVEs affecting Datalust Seq →
Other CWE-770 (Allocation of Resources Without Limits or Throttling) vulnerabilities
- CVE-2026-31283 — Critical (CVSS 9.8): In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email…
- CVE-2020-37067 — Critical (CVSS 9.8): Filetto 1.0 FTP server contains a denial of service vulnerability in the FEAT command processing that allows attackers…
- CVE-2021-47875 — Critical (CVSS 9.8): GeoGebra CAS Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the…
- CVE-2025-11832 — Critical (CVSS 9.8): Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU-IC2, Azure Access…
- CVE-2024-44241 — Critical (CVSS 9.8): The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, macOS Sequoia…
- CVE-2022-3439 — Critical (CVSS 9.8): Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0.
Browse all CWE-770 (Allocation of Resources Without Limits or Throttling) vulnerabilities →