Güralp Systems Fortimus Series, Minimus Series, and Certimus Series have...

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Description

A vulnerability in the web interface of the Güralp Fortimus Series, Minimus Series and Certimus Series allows an unauthenticated attacker with network access to send specially-crafted HTTP requests that can cause the web service process to deliberately restart. Although this mechanism limits the impact of the attack, it results in a brief denial-of-service condition during the restart.

Basic Information

ID CVE-2025-14466

Source icscert

Published Dec 16, 2025 at 21:31

Affected Product

Vendor Güralp Systems

Product Fortimus Series

Version All versions

Affected Versions Güralp Systems Fortimus Series All versions
Güralp Systems Minimus Series All versions
Güralp Systems Certimus Series All versions

CWE Classification

CWE-770

References

{
    "lastseen": "",
    "description": "A vulnerability in the web interface of the G\u00fcralp Fortimus Series, Minimus Series and Certimus Series allows an unauthenticated attacker with network access to send specially-crafted HTTP requests that can cause the web service process to deliberately restart. Although this mechanism limits the impact of the attack, it results in a brief denial-of-service condition during the restart.",
    "published": "2025-12-16T21:31:55.428Z",
    "modified": "2025-12-16T21:31:55.428Z",
    "type": "cve",
    "title": "G\u00fcralp Systems Fortimus Series, Minimus Series, and Certimus Series have an Allocation of Resources Without Limits or Throttling vulnerability",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-350-01\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-350-01.json",
    "id": "CVE-2025-14466",
    "bulletinFamily": "",
    "cwe": [
        "CWE-770"
    ],
    "cvelist": null,
    "sourceData": "G\u00fcralp Systems Fortimus Series All versions\nG\u00fcralp Systems Minimus Series All versions\nG\u00fcralp Systems Certimus Series All versions",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Fortimus Series",
    "version": "All versions",
    "vendor": "G\u00fcralp Systems",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Güralp Systems Fortimus Series, Minimus Series, and Certimus Series have an Allocation of Resources Without Limits or Throttling vulnerability_CVE-2025-14466