CVE-2025-27911

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-27911
An issue was discovered in Datalust Seq before 2024.3.13545. Expansion of identifiers in message templates can be used to bypass the system "Event body limit bytes" setting, leading to increased resource consumption. With sufficiently large events, there can be disk space exhaustion (if saved to disk) or a termination of the server process with an out-of-memory error.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://datalust.co/seq Product
https://github.com/datalust/seq-tickets/issues/2365 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:datalust:seq:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2025-03-11 08:15

Updated : 2025-10-10 20:25

NVD link : CVE-2025-27911

Mitre link : CVE-2025-27911

CVE.ORG link : CVE-2025-27911

JSON object : View

Products Affected

datalust

  • seq
CWE
CWE-770

Allocation of Resources Without Limits or Throttling