CVE-2025-48058
CVE-2025-48058 is a medium-severity vulnerability with a CVSS 4.0 base score of 6.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-1333.
Key facts
- Severity: Medium (CVSS 4.0 base score 6.3)
- EPSS exploit prediction: 0% (27th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-18708
- Weakness: CWE-1333
- Published:
- Last modified:
Description
PowSyBl (Power System Blocks) is a framework to build power system oriented software. Prior to version 6.7.2, there is a potential polynomial Regular Expression Denial of Service (ReDoS) vulnerability in the PowSyBl's DataSource mechanism. If successfully exploited, a malicious actor can cause significant CPU consumption due to regex backtracking — even with polynomial patterns. This issue has been patched in com.powsybl:powsybl-commons: 6.7.2.
Frequently asked questions
- What is CVE-2025-48058?
- PowSyBl (Power System Blocks) is a framework to build power system oriented software. Prior to version 6.7.2, there is a potential polynomial Regular Expression Denial of Service (ReDoS) vulnerability in the PowSyBl's DataSource mechanism. If successfully exploited, a malicious actor can cause significant CPU consumption due to regex backtracking — even with polynomial patterns. This issue has been patched in com.powsybl:powsybl-commons: 6.7.2.
- How severe is CVE-2025-48058?
- CVE-2025-48058 has a CVSS 4.0 base score of 6.3, rated medium severity.
- Is CVE-2025-48058 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (27th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2025-48058?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2025-48058 have an EU (EUVD) identifier?
- Yes. CVE-2025-48058 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-18708.
- When was CVE-2025-48058 published?
- CVE-2025-48058 was published on 2025-06-20 and last updated on 2026-06-17.
References
- https://github.com/powsybl/powsybl-core/commit/72f79dec6d4292f892fbddd68a19c67935c7d81f
- https://github.com/powsybl/powsybl-core/releases/tag/v6.7.2
- https://github.com/powsybl/powsybl-core/security/advisories/GHSA-rqpx-f6rc-7hm5
Other CWE-1333 vulnerabilities
- CVE-2026-35458 — Critical (CVSS 9.8): Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile…
- CVE-2023-29486 — Critical (CVSS 9.8): An issue was discovered in Heimdal Thor agent versions 3.4.2 and before 3.7.0 on Windows, allows attackers to bypass…
- CVE-2026-25547 — Critical (CVSS 9.2): @isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1,…
- CVE-2023-29487 — Critical (CVSS 9.1): An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and before on macOS,…
- CVE-2026-47138 — High (CVSS 8.7): Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to…
- CVE-2025-6998 — High (CVSS 8.7): ReDoS in strip_whitespaces() function in cps/string_helper.py in Calibre Web and Autocaliweb allows unauthenticated…