CVE-2025-27911

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-27911
An issue was discovered in Datalust Seq before 2024.3.13545. Expansion of identifiers in message templates can be used to bypass the system "Event body limit bytes" setting, leading to increased resource consumption. With sufficiently large events, there can be disk space exhaustion (if saved to disk) or a termination of the server process with an out-of-memory error.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://datalust.co/seq Product
https://github.com/datalust/seq-tickets/issues/2365 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:datalust:seq:*:*:*:*:*:*:*:*
History

10 Oct 2025, 20:25

Type Values Removed Values Added
First Time Datalust
Datalust seq
References () https://datalust.co/seq - () https://datalust.co/seq - Product
References () https://github.com/datalust/seq-tickets/issues/2365 - () https://github.com/datalust/seq-tickets/issues/2365 - Issue Tracking, Vendor Advisory
Summary
  • (es) Se descubrió un problema en Datalust Seq antes de 2024.3.13545. La expansión de identificadores en las plantillas de mensajes se puede utilizar para omitir la configuración del sistema "Límite de bytes del cuerpo del evento", lo que genera un mayor consumo de recursos. Con eventos lo suficientemente grandes, puede producirse un agotamiento del espacio en disco (si se guarda en el disco) o una finalización del proceso del servidor con un error de falta de memoria.
CPE cpe:2.3:a:datalust:seq:*:*:*:*:*:*:*:*

11 Mar 2025, 08:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-11 08:15

Updated : 2025-10-10 20:25

NVD link : CVE-2025-27911

Mitre link : CVE-2025-27911

CVE.ORG link : CVE-2025-27911

JSON object : View

Products Affected

datalust

  • seq
CWE
CWE-770

Allocation of Resources Without Limits or Throttling