{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-46354", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2025-05-22T16:04:45.388Z", "datePublished": "2025-07-22T15:26:32.910Z", "dateUpdated": "2025-07-23T15:06:56.215Z"}, "containers": {"cna": {"affected": [{"vendor": "Bloomberg", "product": "Comdb2", "versions": [{"version": "8.1", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists in the Distributed Transaction Commit/Abort Operation functionality of Bloomberg Comdb2 8.1. A specially crafted network packet can lead to a denial of service. An attacker can send a malicious packet to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-617: Reachable Assertion", "type": "CWE", "cweId": "CWE-617"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2025-07-22T15:26:32.910Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2198", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2198"}], "credits": [{"lang": "en", "value": "Discovered by a member of Cisco Talos."}]}, "adp": [{"references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2198", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-23T15:06:51.408188Z", "id": "CVE-2025-46354", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-23T15:06:56.215Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-46354", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-23T15:06:51.408188Z"}}}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2198", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-23T15:06:37.614Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by a member of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Bloomberg", "product": "Comdb2", "versions": [{"status": "affected", "version": "8.1"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2198", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2198"}], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists in the Distributed Transaction Commit/Abort Operation functionality of Bloomberg Comdb2 8.1. A specially crafted network packet can lead to a denial of service. An attacker can send a malicious packet to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-617", "description": "CWE-617: Reachable Assertion"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2025-07-22T15:26:32.910Z"}}}, "cveMetadata": {"cveId": "CVE-2025-46354", "state": "PUBLISHED", "dateUpdated": "2025-07-23T15:06:56.215Z", "dateReserved": "2025-05-22T16:04:45.388Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2025-07-22T15:26:32.910Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bloomberg:comdb2:8.1:*:*:*:*:*:*:*", "matchCriteriaId": "2B7BA78E-2D63-4122-BD8D-B3BBCD719556", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A denial of service vulnerability exists in the Distributed Transaction Commit/Abort Operation functionality of Bloomberg Comdb2 8.1. A specially crafted network packet can lead to a denial of service. An attacker can send a malicious packet to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio en la funcionalidad de \"Commit/Abort\" de operaciones de Operation functionality de Bloomberg Comdb2 8.1. Un paquete de red especialmente manipulado puede provocar una denegaci\u00f3n de servicio. Un atacante puede enviar un paquete malicioso para activar esta vulnerabilidad."}], "id": "CVE-2025-46354", "lastModified": "2025-08-22T16:17:53.963", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2025-07-22T16:15:29.697", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2198"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2198"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}

{}