CVE-2025-30160

Redlib is an alternative private front-end to Reddit. A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DOS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. This leads to excessive memory consumption and potential system instability, which can be exploited to disrupt Redlib instances. This vulnerability is fixed in 0.36.0.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/redlib-org/redlib/commit/15147cea8e42f6569a11603d661d71122f6a02dc	Patch
https://github.com/redlib-org/redlib/commit/2e95e1fc6e2064ccfae87964b4860bda55eddb9a	Patch
https://github.com/redlib-org/redlib/security/advisories/GHSA-g8vq-v3mg-7mrg	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:redlib:redlib:*:*:*:*:*:*:*:*

History

03 Feb 2026, 16:47

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CPE		cpe:2.3:a:redlib:redlib::::::::
First Time		Redlib redlib Redlib
References	~~() https://github.com/redlib-org/redlib/commit/15147cea8e42f6569a11603d661d71122f6a02dc -~~	() https://github.com/redlib-org/redlib/commit/15147cea8e42f6569a11603d661d71122f6a02dc - Patch
References	~~() https://github.com/redlib-org/redlib/commit/2e95e1fc6e2064ccfae87964b4860bda55eddb9a -~~	() https://github.com/redlib-org/redlib/commit/2e95e1fc6e2064ccfae87964b4860bda55eddb9a - Patch
References	~~() https://github.com/redlib-org/redlib/security/advisories/GHSA-g8vq-v3mg-7mrg -~~	() https://github.com/redlib-org/redlib/security/advisories/GHSA-g8vq-v3mg-7mrg - Patch, Vendor Advisory

Information

Published : 2025-03-20 19:15

Updated : 2026-02-03 16:47

NVD link : CVE-2025-30160

Mitre link : CVE-2025-30160

CVE.ORG link : CVE-2025-30160

JSON object : View

Products Affected

redlib

redlib

CWE

CWE-400

Uncontrolled Resource Consumption

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2025-30160", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-03-20T19:15:38.383", "references": [{"url": "https://github.com/redlib-org/redlib/commit/15147cea8e42f6569a11603d661d71122f6a02dc", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/redlib-org/redlib/commit/2e95e1fc6e2064ccfae87964b4860bda55eddb9a", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/redlib-org/redlib/security/advisories/GHSA-g8vq-v3mg-7mrg", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-400"}, {"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "Redlib is an alternative private front-end to Reddit. A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DOS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. This leads to excessive memory consumption and potential system instability, which can be exploited to disrupt Redlib instances. This vulnerability is fixed in 0.36.0."}, {"lang": "es", "value": "Redlib es una interfaz privada alternativa a Reddit. Se ha identificado una vulnerabilidad en Redlib que permite a un atacante causar una denegaci\u00f3n de servicio (DOS) al enviar una bomba de descompresi\u00f3n DEFLATE, especialmente dise\u00f1ada y codificada en base2048, al formulario restore_preferences. Esto provoca un consumo excesivo de memoria y una posible inestabilidad del sistema, lo cual puede explotarse para interrumpir las instancias de Redlib. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 0.36.0."}], "lastModified": "2026-02-03T16:47:39.357", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redlib:redlib:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2466946-B1CD-448E-BE89-D2CD84158A6B", "versionEndExcluding": "0.36.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}