{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-53636", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2025-07-07T14:20:38.390Z", "datePublished": "2025-07-11T21:20:14.261Z", "dateUpdated": "2025-07-14T20:13:13.885Z"}, "containers": {"cna": {"title": "Open OnDemand Shell App closed websocket DoS", "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-779", "lang": "en", "description": "CWE-779: Logging of Excessive Data", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/OSC/ondemand/security/advisories/GHSA-x5xv-fw37-v524", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OSC/ondemand/security/advisories/GHSA-x5xv-fw37-v524"}, {"name": "https://github.com/OSC/ondemand/commit/40800d68cd019c5f1c48b2deafebba6dff4abee2", "tags": ["x_refsource_MISC"], "url": "https://github.com/OSC/ondemand/commit/40800d68cd019c5f1c48b2deafebba6dff4abee2"}, {"name": "https://github.com/OSC/ondemand/commit/96f29b995e1add7562516614e4dc8d961987e8b4", "tags": ["x_refsource_MISC"], "url": "https://github.com/OSC/ondemand/commit/96f29b995e1add7562516614e4dc8d961987e8b4"}], "affected": [{"vendor": "OSC", "product": "ondemand", "versions": [{"version": ">= 1.6, < 3.1.14", "status": "affected"}, {"version": ">= 4.0.0-0.rc1, < 4.0.6", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-11T21:20:14.261Z"}, "descriptions": [{"lang": "en", "value": "Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service (DoS) to the ondemand system. This vulnerability is fixed in 3.1.14 and 4.0.6."}], "source": {"advisory": "GHSA-x5xv-fw37-v524", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-14T14:45:51.860688Z", "id": "CVE-2025-53636", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-14T20:13:13.885Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-53636", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-14T14:45:51.860688Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-14T14:45:55.966Z"}}], "cna": {"title": "Open OnDemand Shell App closed websocket DoS", "source": {"advisory": "GHSA-x5xv-fw37-v524", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "OSC", "product": "ondemand", "versions": [{"status": "affected", "version": ">= 1.6, < 3.1.14"}, {"status": "affected", "version": ">= 4.0.0-0.rc1, < 4.0.6"}]}], "references": [{"url": "https://github.com/OSC/ondemand/security/advisories/GHSA-x5xv-fw37-v524", "name": "https://github.com/OSC/ondemand/security/advisories/GHSA-x5xv-fw37-v524", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/OSC/ondemand/commit/40800d68cd019c5f1c48b2deafebba6dff4abee2", "name": "https://github.com/OSC/ondemand/commit/40800d68cd019c5f1c48b2deafebba6dff4abee2", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/OSC/ondemand/commit/96f29b995e1add7562516614e4dc8d961987e8b4", "name": "https://github.com/OSC/ondemand/commit/96f29b995e1add7562516614e4dc8d961987e8b4", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service (DoS) to the ondemand system. This vulnerability is fixed in 3.1.14 and 4.0.6."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-779", "description": "CWE-779: Logging of Excessive Data"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2025-07-11T21:20:14.261Z"}}}, "cveMetadata": {"cveId": "CVE-2025-53636", "state": "PUBLISHED", "dateUpdated": "2025-07-14T20:13:13.885Z", "dateReserved": "2025-07-07T14:20:38.390Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2025-07-11T21:20:14.261Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service (DoS) to the ondemand system. This vulnerability is fixed in 3.1.14 and 4.0.6."}, {"lang": "es", "value": "Open OnDemand es un portal de HPC de c\u00f3digo abierto. Los usuarios pueden inundar los registros al interactuar con la aplicaci\u00f3n shell, lo que genera numerosos errores. Estos usuarios pueden crear archivos de registro muy grandes, lo que provoca una denegaci\u00f3n de servicio (DoS) en el sistema OnDemand. Esta vulnerabilidad se corrigi\u00f3 en las versiones 3.1.14 y 4.0.6."}], "id": "CVE-2025-53636", "lastModified": "2025-07-15T13:14:49.980", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-07-11T22:15:25.400", "references": [{"source": "[email protected]", "url": "https://github.com/OSC/ondemand/commit/40800d68cd019c5f1c48b2deafebba6dff4abee2"}, {"source": "[email protected]", "url": "https://github.com/OSC/ondemand/commit/96f29b995e1add7562516614e4dc8d961987e8b4"}, {"source": "[email protected]", "url": "https://github.com/OSC/ondemand/security/advisories/GHSA-x5xv-fw37-v524"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}, {"lang": "en", "value": "CWE-779"}], "source": "[email protected]", "type": "Primary"}]}

{}