CVE-2025-52494: Uncontrolled Resource Consumption in ADA WEB Server

Severity: 7.5 HIGH (NVD)
EPSS: 0.1% (top 80.88%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 3
Latest update: Sep 8

Description

Adacore Ada Web Server (AWS) before 25.2 is vulnerable to a denial-of-service (DoS) condition due to improper handling of SSL handshakes during connection initialization. When a client initiates an HTTPS connection, the server performs the SSL handshake before assigning the connection to a processing slot. However, there is no specific timeout set for this phase, and the server uses the default socket timeout, which is effectively infinite. An attacker can exploit this by sending a malformed TLS

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 1 package

🔴 Vulnerability Details (1)

GHSA
GHSA-pvqr-qr3w-3jpg: Adacore Ada Web Server (AWS) before 25 (2025-09-08)

📋 Vendor Advisories (1)

Red Hat
aws: AdaCore AWS: Missing SSL handshake timeout can cause denial of service (2025-09-03)