Resource exhaustion in Ctfer-io Chall-manager
CVE-2025-53634
Chall-Manager is a platform-agnostic system able to start Challenges on Demand for a player. Its HTTP Gateway processes headers with no timeout set, so an attacker could cause a Denial of Service (DoS) with a slow loris attack. Exploitatio…
EPSS: 0.005 (65.0th percentile)
Affected products
- Ctfer-io Chall-manager — versions < 0.1.4
Weakness classification (CWE)
References
- https://github.com/ctfer-io/chall-manager/security/advisories/GHSA-ggmv-j932-q89q (x_refsource_CONFIRM)
- https://github.com/ctfer-io/chall-manager/commit/1385bd869142651146cd0b123085f91cec698636 (x_refsource_MISC)
- https://github.com/ctfer-io/chall-manager/releases/tag/v0.1.4 (x_refsource_MISC)
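The description above turns on a missing header timeout. The following added example is not taken from Chall-Manager or its fix commit; it assumes a gateway built on Go's `net/http` and shows how `ReadHeaderTimeout` makes the server drop a client that never finishes its headers, checked over loopback. The helper names, the 200 ms value and the `gateway.test` host are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net"
	"net/http"
	"os"
	"time"
)

// newGateway builds an HTTP server whose ReadHeaderTimeout bounds how long a
// client may take to finish sending request headers. Zero means no bound.
func newGateway(h http.Handler, headerTimeout time.Duration) *http.Server {
	return &http.Server{Handler: h, ReadHeaderTimeout: headerTimeout}
}

// stalledClientDropped serves srv on a loopback port, opens one connection
// that sends an unterminated header block, and reports whether the server
// closed that connection within wait.
func stalledClientDropped(srv *http.Server, wait time.Duration) (bool, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return false, err
	}
	go srv.Serve(ln)
	defer srv.Close()
	conn, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return false, err
	}
	defer conn.Close()
	// Constructed input: request line and one header, no final blank line.
	if _, err = conn.Write([]byte("GET / HTTP/1.1\r\nHost: gateway.test\r\n")); err != nil {
		return false, err
	}
	conn.SetReadDeadline(time.Now().Add(wait))
	_, err = io.Copy(io.Discard, conn) // returns nil once the server closes
	// A local deadline error means the server was still holding the connection.
	return !errors.Is(err, os.ErrDeadlineExceeded), nil
}

func main() {
	h := http.NotFoundHandler()
	bounded, _ := stalledClientDropped(newGateway(h, 200*time.Millisecond), 2*time.Second)
	unbounded, _ := stalledClientDropped(newGateway(h, 0), 500*time.Millisecond)
	fmt.Println("dropped with timeout:", bounded, "| dropped without:", unbounded)
}
```

The same check can serve as a regression test for any Go HTTP listener: a server with neither `ReadHeaderTimeout` nor `ReadTimeout` set keeps the stalled connection open until the client gives up.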