CVE-2025-14466 MEDIUM

CVE-2025-14466: Güralp Systems Fortimus Series, Minimus Series, and Certimus Series have an Allocation of Resources Without Limits or Throttling vulnerability

Vendor Güralp Systems
Product Fortimus Series
Weakness CWE-770 · Uncontrolled resource consumption
Published December 16, 2025
Last update December 17, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability in the web interface of the Güralp Fortimus Series, Minimus Series and Certimus Series allows an unauthenticated attacker with network access to send specially-crafted HTTP requests that can cause the web service process to deliberately restart. Although this mechanism limits the impact of the attack, it results in a brief denial-of-service condition during the restart.

Key dates

02Disclosure timeline

December 16, 2025 CVE published
December 17, 2025 Record updated