CVE Daily

CVE-2025-6998

ReDoS in strip_whitespaces() function in cps/string_helper.py in Calibre Web and...

High CVSS 8.7

Overview

ReDoS in strip_whitespaces() function in cps/string_helper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause denial of service via specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1.

CWE: CWE-1333 Published: 2025-07-24T20:15:27.013
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 8.7 (HIGH)
  • Detected tags: dos (tag impact: LOW)

Recommended actions:

  • Rate limiting, resource quotas and circuit breakers.

Recommended tools

Tags