Resource exhaustion in Bugsink

CVE-2025-64508

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" (highly compressed brotli streams, such as many zeros) can be sent to the server. Since the server will attempt to decompress these streams before app…

EPSS: 0.004 (33.5th percentile).

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.

Frequently asked questions

What is CVE-2025-64508?
CVE-2025-64508 is a high-severity vulnerability in Bugsink, classified under Allocation of Resources Without Limits or Throttling. CVSS score: 7.5/10. Published 2025-11-10.

How severe is CVE-2025-64508?
High severity. The CVSS v3 base score is 7.5 out of 10.