CVE-2025-8396 MEDIUM

CVE-2025-8396

Vendor Temporal
Product OSS Server
Weakness CWE-770 · Uncontrolled resource consumption
Published September 15, 2025
Last update September 15, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/S:N/AU:Y

What the vulnerability does

01Description

Insufficiently specific bounds checking on authorization header could lead to denial of service in the Temporal server on all platforms due to excessive memory allocation.This issue affects all platforms and versions of OSS Server prior to 1.26.3, 1.27.3, and 1.28.1 (i.e., fixed in 1.26.3, 1.27.3, and 1.28.1 and later). Temporal Cloud services are not impacted.

Key dates

02Disclosure timeline

September 15, 2025 CVE published
September 15, 2025 Record updated