{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T19:11:44.595","vulnerabilities":[{"cve":{"id":"CVE-2025-49763","sourceIdentifier":"security@apache.org","published":"2025-06-19T10:15:21.887","lastModified":"2025-07-01T20:15:05.673","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted.\n\nUsers can use a new setting for the plugin (--max-inclusion-depth) to limit it.\nThis issue affects Apache Traffic Server: from 10.0.0 through 10.0.5, from 9.0.0 through 9.2.10.\n\nUsers are recommended to upgrade to version 9.2.11 or 10.0.6,  which fixes the issue."},{"lang":"es","value":"El complemento ESI no tiene límite de profundidad máxima de inclusión, lo que permite un consumo excesivo de memoria si se insertan instrucciones maliciosas. Los usuarios pueden usar una nueva configuración del complemento (--max-inclusion-depth) para limitarlo. Este problema afecta a Apache Traffic Server: de la 10.0.0 a la 10.0.5 y de la 9.0.0 a la 9.2.10. Se recomienda actualizar a la versión 9.2.11 o 10.0.6, que soluciona el problema."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.2.11","matchCriteriaId":"7AB2F8C0-3B8A-4C21-8358-4718FB3ECA5C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","versionStartIncluding":"10.0.0","versionEndExcluding":"10.0.6","matchCriteriaId":"5AF96465-2A06-4EC2-832C-36A094908691"}]}]}],"references":[{"url":"https://lists.apache.org/thread/15t32nxbypqg1m2smp640vjx89o6v5f8","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]}]}}]}