CVE-2025-4215 — Uncontrolled Resource Consumption in Ublock Origin

CWE-400 — Uncontrolled Resource Consumption CWE-1333 — Regex Denial of Service4 documents4 sources

Severity

2.3LOWNVD

EPSS

1.3%

top 19.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ublockorigin Ublock Origin Debian Ublock-origin Gorhill Ublock Origin +1 more

Timeline

PublishedMay 2

Description

A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regular expression complexity. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.63.3b1…

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages3 packages

▶CVEListV5gorhill/ublock_origin1.63.3b16

▶debiandebian/ublock-origin< ublock-origin 1.62.0+dfsg-0+deb12u1 (bookworm)

▶NVDublockorigin/ublock_origin< 1.63.3+1

Also affects: Debian Linux 11.0

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2025-4215: A vulnerability was found in gorhill uBlock Origin up to 1↗2025-05-02

▶

GHSA

GHSA-785g-r934-c877: A vulnerability was found in gorhill uBlock Origin up to 1↗2025-05-02

▶

📋Vendor Advisories

Debian

CVE-2025-4215: ublock-origin - A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been ...↗2025

▶