Asymmetric Resource Consumption (Amplification)

CVE-2025-42873

Medium

5.9/10

Summary

SAPUI5 (and OpenUI5) packages use outdated 3rd party libraries with known security vulnerabilities. When markdown-it encounters special malformed input, it fails to terminate properly, resulting in an infinite loop. This Denial of Service via infinite loop causes high CPU usage and system unresponsiveness due to a blocked processing thread. This vulnerability has no impact on confidentiality or integrity but has a high impact on system availability.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-405 - Asymmetric Resource Consumption (Amplification)

Software that does not appropriately monitor or control resource consumption can lead to adverse system performance.

References

Advisory Timeline

Published Dec 09, 2025

Asymmetric Resource Consumption (Amplification)

CVE-2025-42873

Summary

CWE-405 - Asymmetric Resource Consumption (Amplification)

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS