CVE-2025-48058 MEDIUM

CVE-2025-48058: PowSyBl Core contains Polynomial REDoS’es

Vendor Powsybl
Product powsybl-core
Weakness CWE-1333
Published June 20, 2025
Last update June 20, 2025

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

PowSyBl (Power System Blocks) is a framework to build power system oriented software. Prior to version 6.7.2, there is a potential polynomial Regular Expression Denial of Service (ReDoS) vulnerability in the PowSyBl's DataSource mechanism. If successfully exploited, a malicious actor can cause significant CPU consumption due to regex backtracking — even with polynomial patterns. This issue has been patched in com.powsybl:powsybl-commons: 6.7.2.

Key dates

02Disclosure timeline

June 20, 2025 CVE published
June 20, 2025 Record updated