← back
CVE-2025-8396

CVE-2025-8396

CVSS 6.9 MEDIUMEPSS 0.4%CWE-770
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.9EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
15 Sep 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Insufficiently specific bounds checking on authorization header could lead to denial of service in the Temporal server on all platforms due to excessive memory allocation.This issue affects all platforms and versions of OSS Server prior to 1.26.3, 1.27.3, and 1.28.1 (i.e., fixed in 1.26.3, 1.27.3, and 1.28.1 and later). Temporal Cloud services are not impacted.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/S:N/AU:Y
Affected products
Temporal · OSS Server

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →