CVE-2025-61301

Published
View on NVD ↗
CVSS v3
7.5
HIGH
CVSS v2
N/A
Affected
2
PROJECTS

Description

Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 (commit 52e4b43, on 2025-05-17) allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply nested or oversized behavior data that trigger MongoDB BSON limits or orjson recursion errors when the sample executes in the sandbox.

eGkritsis/CVE-2025-61301
eGkritsis/CVE-2025-61301
CAPEv2 reporting/mongodb.py and reporting/jsondump.py allow denial-of-analysis when deeply nested or oversized behavior documents trigger orjson serialization errors or MongoDB BSON size/nesting limits, causing truncated or missing analysis reports.
GitHubGitHub
1
kevoreilly/CAPEv2
kevoreilly/CAPEv2
Malware Configuration And Payload Extraction
GitHubGitHub
3.25K