Vulnerability Details CVE-2025-29784
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search queries. This oversight can lead to performance degradation and potential denial-of-service (DoS) attacks. This issue has been patched in version 2.2.0.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.2%
CVSS Severity
CVSS v3 Score 7.5
References
- https://github.com/NamelessMC/Nameless/commit/f5341e56930a98978171e0a871d60f19ab30ebdd
- https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0
- https://github.com/NamelessMC/Nameless/security/advisories/GHSA-4hrq-rf96-c2jm
- https://github.com/NamelessMC/Nameless/security/advisories/GHSA-4hrq-rf96-c2jm
Products affected by CVE-2025-29784
-
cpe:2.3:a:namelessmc:nameless:1.0.0
-
cpe:2.3:a:namelessmc:nameless:1.0.1
-
cpe:2.3:a:namelessmc:nameless:1.0.10
-
cpe:2.3:a:namelessmc:nameless:1.0.11
-
cpe:2.3:a:namelessmc:nameless:1.0.12
-
cpe:2.3:a:namelessmc:nameless:1.0.13
-
cpe:2.3:a:namelessmc:nameless:1.0.14
-
cpe:2.3:a:namelessmc:nameless:1.0.15
-
cpe:2.3:a:namelessmc:nameless:1.0.16
-
cpe:2.3:a:namelessmc:nameless:1.0.17
-
cpe:2.3:a:namelessmc:nameless:1.0.18
-
cpe:2.3:a:namelessmc:nameless:1.0.19
-
cpe:2.3:a:namelessmc:nameless:1.0.2
-
cpe:2.3:a:namelessmc:nameless:1.0.20
-
cpe:2.3:a:namelessmc:nameless:1.0.21
-
cpe:2.3:a:namelessmc:nameless:1.0.22
-
cpe:2.3:a:namelessmc:nameless:1.0.3
-
cpe:2.3:a:namelessmc:nameless:1.0.4
-
cpe:2.3:a:namelessmc:nameless:1.0.5
-
cpe:2.3:a:namelessmc:nameless:1.0.6
-
cpe:2.3:a:namelessmc:nameless:1.0.7
-
cpe:2.3:a:namelessmc:nameless:1.0.8
-
cpe:2.3:a:namelessmc:nameless:1.0.9
-
cpe:2.3:a:namelessmc:nameless:2.0.0
-
cpe:2.3:a:namelessmc:nameless:2.0.1
-
cpe:2.3:a:namelessmc:nameless:2.0.2
-
cpe:2.3:a:namelessmc:nameless:2.0.3
-
cpe:2.3:a:namelessmc:nameless:2.1.3
-
cpe:2.3:a:namelessmc:nameless:2.1.4