CVE-2025-30153

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Mar 19, 2025
CWE ID 409

Summary

CVE-2025-30153 is a vulnerability affecting the kin-openapi Go project, which handles OpenAPI files. Before version 0.131.0, kin-openapi failed to properly validate multipart/form-data schemas in OpenAPI files. As a result, an attacker could upload a specially crafted ZIP file, potentially causing the server to exhaust all available system memory, because the kin-openapi module registers the ZipFileBodyDecoder automatically. This behavior, which goes against the documentation's claims, has been resolved in version 0.131.0.
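Added example, not code from this page or from the kin-openapi project: the memory exhaustion described above comes from inflating a highly compressed upload, and a general defense is to cap the bytes actually decompressed from any ZIP body. The names ReadZipBounded, MakeZip and ErrTooLarge are hypothetical, the sample archive is constructed in memory, and only the Go standard library is used.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"fmt"
	"io"
)

var ErrTooLarge = errors.New("zip: decompressed size exceeds limit")
// ReadZipBounded inflates all entries under one total budget. It counts bytes
// actually produced, since sizes declared in ZIP headers are attacker-controlled.
func ReadZipBounded(data []byte, maxTotal int64) (map[string][]byte, error) {
	zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil {
		return nil, err
	}
	out, remaining := make(map[string][]byte), maxTotal
	for _, f := range zr.File {
		rc, err := f.Open()
		if err != nil {
			return nil, err
		}
		buf, err := io.ReadAll(io.LimitReader(rc, remaining+1)) // +1 byte reveals an overrun
		rc.Close()
		if err != nil {
			return nil, err
		}
		if int64(len(buf)) > remaining {
			return nil, ErrTooLarge
		}
		remaining -= int64(len(buf))
		out[f.Name] = buf
	}
	return out, nil
}
// MakeZip builds a constructed sample: one entry of n zero bytes (errors ignored).
func MakeZip(name string, n int) []byte {
	var b bytes.Buffer
	w := zip.NewWriter(&b)
	fw, _ := w.Create(name)
	fw.Write(make([]byte, n))
	w.Close()
	return b.Bytes()
}
func main() {
	_, err := ReadZipBounded(MakeZip("zeros.bin", 8<<20), 1<<20)
	fmt.Println(err)
}
```

The 8 MiB constructed entry compresses to a few kilobytes, so a limit on upload size alone would not stop it; the budget on inflated bytes does.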
