CVE-2025-3985

CVSS 3.1 Score 2.7 of 10 (low)

Details

Published Apr 27, 2025

Updated: Apr 29, 2025

CWE ID 1333

CWE ID 400

Summary

CVE-2025-3985 is a newly disclosed vulnerability affecting Apereo CAS 5.2.6. This issue, classified as problematic, targets the ResponseEntity function in the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The manipulation of the Query argument results in inefficient regular expression complexity, allowing remote attackers to initiate the exploit. The vendor was contacted about the disclosure but did not respond, leaving the public open to potential exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/5heonw
https://www.cve.org/CVERecord?id=CVE-2025-3985
https://nvd.nist.gov/vuln/detail/CVE-2025-3985

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2025-3985

CVSS 3.1 Score 2.7 of 10 (low)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations