CVE-2025-62727HIGHCVSS 7.5v>= 0.39.0, < 0.49.12025-10-28
CVE-2025-62727 [HIGH] CWE-407 CVE-2025-62727: Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0
Starlette is a lightweight ASGI framework/toolkit. Starting in version 0.39.0 and prior to version 0.49.1 , an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This enables CPU exhaustion per request, causing denial‑of‑service for endpoints se
nvd