Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs_CVE-2025-57751

7.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P

Description

pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter verification, the jk parameter input by the user is directly determined as dykpy.evaljs(), resulting in the server CPU being fully occupied and the web-ui becoming unresponsive. This vulnerability is fixed in 0.5.0b3.dev92.

Basic Information

ID CVE-2025-57751

Source GitHub_M

Published Aug 21, 2025 at 18:27

Modified Aug 21, 2025 at 18:42

Affected Product

Vendor pyload

Product pyload

Version < 0.5.0b3.dev92

Affected Versions pyload pyload < 0.5.0b3.dev92

CWE Classification

CWE-400

References

github.com /pyload/pyload/security/advisories/GHSA-9gjj-6gj7-c4wj

{
    "lastseen": "",
    "description": "pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter verification, the jk parameter input by the user is directly determined as dykpy.evaljs(), resulting in the server CPU being fully occupied and the web-ui becoming unresponsive. This vulnerability is fixed in 0.5.0b3.dev92.",
    "published": "2025-08-21T18:27:04.620Z",
    "modified": "2025-08-21T18:42:16.688Z",
    "type": "cve",
    "title": "Denial-of-Service attack in pyLoad CNL Blueprint using dukpy.evaljs",
    "source": "GitHub_M",
    "references": "https://github.com/pyload/pyload/security/advisories/GHSA-9gjj-6gj7-c4wj",
    "id": "CVE-2025-57751",
    "bulletinFamily": "",
    "cwe": [
        "CWE-400"
    ],
    "cvelist": null,
    "sourceData": "pyload pyload < 0.5.0b3.dev92",
    "sourceHref": "",
    "cvss": {
        "score": 7.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "pyload",
    "version": "< 0.5.0b3.dev92",
    "vendor": "pyload",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}