CVE-2025-6998
Description
ReDoS in strip_whitespaces() function in cps/string_helper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-6998? +
How do I check if I'm vulnerable to CVE-2025-6998? +
Related Vulnerabilities
PowSyBl (Power System Blocks) is a framework to build power system oriented software. Prior to version 6.7.2, there is a …
PowSyBl (Power System Blocks) is a framework to build power system oriented software. In com.powsybl:powsybl-iidm-criteria versions 6.3.0 to before 6.7.2 …
Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. extract_full_summary_from_signature employs an inefficient regular expression …
Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. option_descriptions employs an inefficient regular expression …
Cattown is a JavaScript markdown parser. Versions prior to 1.0.2 used regular expressions with inefficient, potentially exponential worst-case complexity. This …
Action Pack is a framework for handling and responding to web requests. Starting in version 4.0.0 and prior to versions …