CVE-2025-55058

Medium

Published: 17 November 2025

Published

17 November 2025

Modified

24 November 2025

KEV Added

—

Patch

—

CVSS Score 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

EPSS Score 0.0006 18.0th percentile

Risk Priority 9 60% EPSS · 20% KEV · 20% CVSS

Description

CWE-20 Improper Input Validation

Security Summary

CVE-2025-55058 is a vulnerability classified under CWE-20 (Improper Input Validation), with an additional NVD-CWE-noinfo notation. It carries a CVSS v3.1 base score of 4.5, reflecting a moderate severity rating. The specific software or component affected is not detailed in the provided information.

The vulnerability can be exploited over the network (AV:N) with low attack complexity (AC:L), but requires high privileges (PR:H) and user interaction (UI:R). Exploitation has no impact on confidentiality or integrity (C:N/I:N), unchanged scope (S:U), but results in high impact to availability (A:H), potentially enabling denial-of-service conditions.

Advisories related to this CVE can be found at https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0, which may provide further details on patches or mitigation steps. The CVE was published on 2025-11-17T18:15:57.543.

Details

CWE(s): CWE-20NVD-CWE-noinfo

Affected Products

maxum

rumpus

9.0.12

MITRE ATT&CK Enterprise Techniques

Insufficient information to map techniques.

Confidence: LOW · MITRE ATT&CK Enterprise v19.0

References

https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0
Third Party Advisory · cna@cyber.gov.il