CVE-2025-67731: Servify-express rate limit issue
(updated )
The Express server uses express.json() without a size limit, which can allow attackers to send extremely large request bodies. This may lead to excessive memory usage, degraded performance, or process crashes, resulting in a Denial of Service (DoS). Any application using the JSON parser without limits and exposed to untrusted clients is affected.
References
- github.com/Aarondoran/servify-express
- github.com/Aarondoran/servify-express/commit/197d848e5450bf85b0dd19ef8c2aa4ba96192300
- github.com/Aarondoran/servify-express/commit/8dff7f56504b356278d849734ef2050e5cd23b61
- github.com/Aarondoran/servify-express/releases/tag/V1.2
- github.com/Aarondoran/servify-express/security/advisories/GHSA-qgc4-8p88-4w7m
- github.com/advisories/GHSA-qgc4-8p88-4w7m
- nvd.nist.gov/vuln/detail/CVE-2025-67731
Code Behaviors & Features
Detect and mitigate CVE-2025-67731 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →