CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-35435

CISA Thorium accepts a stream split size of zero then divides by this value. A remote, authenticated attacker could cause the service to crash. Fixed in commit 89101a6.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 29.4%

CVSS Severity

CVSS v3 Score 4.3

References

https://github.com/cisagov/thorium/commit/7c94a0b9bc2dc55e0c307360452f348bac06820c
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-259-01.json
https://www.cve.org/CVERecord?id=CVE-2025-CVE-2025-35435

Products affected by CVE-2025-35435

Cisa » Thorium » Version: 1.0.0

cpe:2.3:a:cisa:thorium:1.0.0
Cisa » Thorium » Version: 1.1.0

cpe:2.3:a:cisa:thorium:1.1.0
Cisa » Thorium » Version: 1.1.1

cpe:2.3:a:cisa:thorium:1.1.1
Cisa » Thorium » Version: 1.1.2

cpe:2.3:a:cisa:thorium:1.1.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-35435

Products

Pricing

Contact Us