CVE-2025-53636: Open OnDemand Shell App closed websocket DoS

5.4 CVSS

Description

Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service (DoS) to the ondemand system. This vulnerability is fixed in 3.1.14 and 4.0.6.

Classification

CVE ID: CVE-2025-53636

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.4

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Problem Types

CWE-400: Uncontrolled Resource Consumption

CWE-779: Logging of Excessive Data

Affected Products

Vendor: OSC

Product: ondemand

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (estimated probability of exploitation)

EPSS Percentile: 9.13% (share of scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-07-12 (date the score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-53636
https://github.com/OSC/ondemand/security/advisories/GHSA-x5xv-fw37-v524
https://github.com/OSC/ondemand/commit/40800d68cd019c5f1c48b2deafebba6dff4abee2
https://github.com/OSC/ondemand/commit/96f29b995e1add7562516614e4dc8d961987e8b4

Timeline