VU#767506: HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames

Threat Score:
49
Kb
1 day ago

Overview

Overview A vulnerability has been discovered within many HTTP/2 implementations allowing for denial of service (DoS) attacks through HTTP/2 control frames. This vulnerability is colloquially known as "MadeYouReset" and is tracked as CVE-2025-8671. Some vendors have assigned a specific CVE to their products to describe the vulnerability, such as CVE-2025-48989, which is used to identify Apache Tompact products affected by the vulnerability. MadeYouReset exploits a mismatch caused by stream resets...

Related Articles

5 articles
4

Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution

The Hacker News 2 hours ago

Cisco has released security updates to address a maximum-severity security flaw in Secure Firewall Management Center (FMC) Software that could allow an attacker to execute arbitrary code on affected systems. The vulnerability, assigned the CVE identifierCVE-2025-20265(CVSS score: 10.0), affects the RADIUS subsystem implementation that could permit an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device. The networking equipment major said the issue

Score
82
Read more
5

CVE-2025-8088 – WinRAR 0-Day Path Traversal Vulnerability Exploited to Execute Malware

Cybersecurity News 2 hours ago

A zero-day vulnerability in WinRAR allows malware to be deployed on unsuspecting users’ systems, highlighting the ongoing threats to popular software. Tracked as CVE-2025-8088, this path traversal flaw affects the Windows version of the widely used file archiving tool, enabling attackers to execute arbitrary code through specially crafted archives. The vulnerability, discovered in mid-July 2025, […]

Score
81
Read more