CVE-2025-67899 — Uncontrolled Recursion in Project Uriparser

CWE-674 — Uncontrolled Recursion7 documents7 sources

Severity

2.9LOWNVD

EPSS

0.0%

top 93.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Uriparser Project Uriparser

Timeline

PublishedDec 14

Latest updateDec 15

Description

uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 1.4 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5uriparser_project/uriparser0.9.9

🔴Vulnerability Details

GHSA

GHSA-h2vr-rqqp-xv8m: uriparser through 0↗2025-12-15

▶

CVEList

CVE-2025-67899: uriparser through 0↗2025-12-14

▶

OSV

CVE-2025-67899: uriparser through 0↗2025-12-14

▶

📋Vendor Advisories

Red Hat

uriparser: uriparser: Unbounded recursion and stack consumption via large input↗2025-12-14

▶

Debian

CVE-2025-67899: uriparser - uriparser through 0.9.9 allows unbounded recursion and stack consumption, as dem...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-67899 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶