{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-14T03:22:25.431","vulnerabilities":[{"cve":{"id":"CVE-2025-25289","sourceIdentifier":"security-advisories@github.com","published":"2025-02-14T20:15:35.100","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"@octokit/request-error is an error class for Octokit request errors. Starting in version 1.0.0 and prior to version 6.1.7, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long sequence of spaces followed by a newline and \"@\", an attacker can exploit inefficient regular expression processing, leading to excessive resource consumption. This can significantly degrade server performance or cause a denial-of-service (DoS) condition, impacting availability. Version 6.1.7 contains a fix for the issue."},{"lang":"es","value":"@octokit/request-error es una clase de error para los errores de solicitud de Octokit. A partir de la versión 1.0.0 y antes de la versión 6.1.7, existe una vulnerabilidad de denegación de servicio de expresión regular (ReDoS) en el procesamiento de encabezados de solicitud HTTP. Al enviar un encabezado de autorización que contiene una secuencia excesivamente larga de espacios seguidos de una nueva línea y \"@\", un atacante puede explotar un procesamiento ineficiente de expresiones regulares, lo que lleva a un consumo excesivo de recursos. Esto puede degradar significativamente el rendimiento del servidor o causar una condición de denegación de servicio (DoS), lo que afecta la disponibilidad. La versión 6.1.7 contiene una solución para el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-1333"}]}],"references":[{"url":"https://github.com/octokit/request-error.js/blob/main/src/index.ts","source":"security-advisories@github.com"},{"url":"https://github.com/octokit/request-error.js/commit/d558320874a4bc8d356babf1079e6f0056a59b9e","source":"security-advisories@github.com"},{"url":"https://github.com/octokit/request-error.js/security/advisories/GHSA-xx4v-prfh-6cgc","source":"security-advisories@github.com"}]}}]}