CVE-2025-30160 HIGH

CVE-2025-30160: Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form

Vendor Redlib-Org
Product redlib
Weakness CWE-400
Published March 20, 2025
Last update March 20, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

Redlib is an alternative private front-end to Reddit. A vulnerability has been identified in Redlib where an attacker can cause a denial-of-service (DoS) condition by submitting a specially crafted base2048-encoded DEFLATE decompression bomb to the restore_preferences form. This leads to excessive memory consumption and potential system instability, which can be exploited to disrupt Redlib instances. This vulnerability is fixed in 0.36.0.
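The general mitigation for this weakness class (CWE-400 through unbounded decompression) is to cap both the compressed input and the inflated output, and to inflate in bounded chunks. The sketch below is an added example, not Redlib's code and not the 0.36.0 fix. It assumes raw DEFLATE bytes as they would look after base2048 decoding, and the limits, function names and sample data are hypothetical.

```python
import zlib

MAX_INPUT_BYTES = 64 * 1024    # assumed cap on the decoded form field
MAX_OUTPUT_BYTES = 256 * 1024  # assumed cap on the inflated preferences blob
CHUNK = 16 * 1024              # most output a single inflate call may allocate


class PayloadTooLarge(ValueError):
    """Compressed input or inflated output exceeded the configured cap."""


def bounded_inflate(data: bytes, max_output: int = MAX_OUTPUT_BYTES) -> bytes:
    """Inflate raw DEFLATE data, stopping once max_output bytes are exceeded."""
    if len(data) > MAX_INPUT_BYTES:
        raise PayloadTooLarge("compressed input exceeds cap")
    inflater = zlib.decompressobj(wbits=-15)  # -15 selects raw DEFLATE
    out = bytearray()
    pending = data
    while not inflater.eof:
        chunk = inflater.decompress(pending, CHUNK)
        out += chunk
        if len(out) > max_output:
            raise PayloadTooLarge("inflated output exceeds cap")
        pending = inflater.unconsumed_tail
        if not chunk and not pending:
            raise ValueError("truncated DEFLATE stream")
    if inflater.unused_data:
        raise ValueError("trailing bytes after DEFLATE stream")
    return bytes(out)


def raw_deflate(data: bytes) -> bytes:
    """Helper for building the constructed samples below."""
    comp = zlib.compressobj(level=9, wbits=-15)
    return comp.compress(data) + comp.flush()


# Constructed samples: a small settings blob and a highly compressible buffer.
SAMPLE_PREFS = raw_deflate(b"theme=dark&front_page=default")
OVERSIZED = raw_deflate(bytes(4 * 1024 * 1024))

if __name__ == "__main__":
    print(bounded_inflate(SAMPLE_PREFS))
    try:
        bounded_inflate(OVERSIZED)
    except PayloadTooLarge as exc:
        print("rejected:", exc)
```

Because the output check runs after every chunk, peak allocation stays near `MAX_OUTPUT_BYTES + CHUNK` regardless of how large the stream would expand.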

Key dates

02 Disclosure timeline

March 20, 2025 CVE published
March 20, 2025 Record updated