CVE-2025-30158
Severity CVSS v4.0:
Pending analysis
Type:
CWE-400
Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
18/04/2025
Last modified:
13/05/2025
Description
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the forum allows users to post iframe elements inside forum topics/comments/feed with no restriction on the iframe's width and height attributes. This allows an authenticated attacker to perform a UI-based denial of service (DoS) by injecting oversized iframes that block the forum UI and disrupt normal user interactions. This issue has been patched in version 2.2.0.
Impact
Base Score 3.x
7.10
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:namelessmc:nameless:*:*:*:*:*:*:*:* | 2.2.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/NamelessMC/Nameless/commit/caa42a975338a13fbc1658e8c440108f16135643
- https://github.com/NamelessMC/Nameless/releases/tag/v2.2.0
- https://github.com/NamelessMC/Nameless/security/advisories/GHSA-2prx-rgr7-hq5f
- https://github.com/NamelessMC/Nameless/security/advisories/GHSA-2prx-rgr7-hq5f