Cyber Posture

CVE-2025-26819

Severity: High

Published: 15 February 2025
Modified: 30 September 2025
KEV Added: not listed
Patch: available (commit ec74ff4)
CVSS Score: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
EPSS Score: 0.0012 (29.9th percentile)
Risk Priority: 17 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-26819 is a high-severity Allocation of Resources Without Limits or Throttling (CWE-770) vulnerability in Monero (vendor: getmonero). Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). Its EPSS score places it at the 29.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SC-5 Denial-of-service Protection (prevent): Directly protects against denial of service via resource exhaustion from unbounded HTTP server connections lacking response limits.
SC-6 Resource Availability (prevent): Enforces limits on resource availability to mitigate unbounded allocation during HTTP connections in Monero.
SI-2 Flaw Remediation (prevent): Timely flaw remediation via software updates applies the commit adding response limits, eliminating the vulnerability.

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

The vulnerability enables remote exploitation of the Monero HTTP server to cause unbounded resource allocation and availability impact, directly mapping to application or system exploitation for denial of service.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections.

Deeper analysis

CVE-2025-26819 is a vulnerability in Monero cryptocurrency software versions through 0.18.3.4 prior to commit ec74ff4, where the HTTP server lacks response limits. This issue, tied to CWE-770 (Allocation of Resources Without Limits or Throttling), allows unbounded resource allocation during HTTP connections. It carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H), highlighting its high severity due to network accessibility and significant availability impact.

Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity and no user interaction required. By establishing HTTP server connections, attackers can trigger excessive resource consumption, leading to denial-of-service conditions through server resource exhaustion, as indicated by the high availability impact and changed scope in the CVSS vector.
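The paragraph above describes the CWE-770 failure mode in general terms: bytes arriving on a connection are accumulated with no upper bound, so a remote peer can drive memory use as high as it likes. The block below is an added illustration written for this page; it is not Monero's code and does not reproduce what commit ec74ff4 changed. It shows the generic mitigation pattern, which is to check a cap before allocating (both on a declared Content-Length and on each chunk as it arrives), next to an unbounded accumulator for contrast. The limit `kMaxResponseBytes`, the class `BoundedBody` and the helper names are assumptions for the example.

```cpp
#include <cstddef>
#include <optional>
#include <string>
#include <vector>

// Assumed cap on bytes accumulated for one HTTP message on one connection.
// The value is an illustrative choice, not a setting from the Monero project.
constexpr std::size_t kMaxResponseBytes = 64 * 1024;

// Accumulates an HTTP message body chunk by chunk and refuses to grow past
// its limit. The check happens before the append, so memory never exceeds
// the cap even transiently.
class BoundedBody {
public:
    explicit BoundedBody(std::size_t limit = kMaxResponseBytes) : limit_(limit) {}

    // Returns false and discards the chunk when it would push the total over the limit.
    bool append(const std::string& chunk) {
        // buf_.size() <= limit_ always holds, so this subtraction cannot underflow.
        if (chunk.size() > limit_ - buf_.size()) {
            rejected_ = true;
            return false;
        }
        buf_ += chunk;
        return true;
    }

    std::size_t size() const { return buf_.size(); }
    bool rejected() const { return rejected_; }

private:
    std::size_t limit_;
    std::string buf_;
    bool rejected_ = false;
};

// Validates a declared Content-Length before any body bytes are read.
// Returns nullopt for a malformed value or one above the limit, so the
// connection can be closed without allocating anything for the body.
std::optional<std::size_t> acceptContentLength(const std::string& header,
                                               std::size_t limit = kMaxResponseBytes) {
    // 18 decimal digits fit in 64 bits; longer strings are rejected outright.
    if (header.empty() || header.size() > 18) return std::nullopt;
    std::size_t n = 0;
    for (char c : header) {
        if (c < '0' || c > '9') return std::nullopt;
        n = n * 10 + static_cast<std::size_t>(c - '0');
    }
    if (n > limit) return std::nullopt;
    return n;
}

// Simulates receiving a sequence of chunks on one connection with the cap
// enforced. Returns the number of bytes retained; a real server would close
// the connection at the first rejected chunk.
std::size_t receiveBounded(const std::vector<std::string>& chunks,
                           std::size_t limit = kMaxResponseBytes) {
    BoundedBody body(limit);
    for (const auto& c : chunks) {
        if (!body.append(c)) break;
    }
    return body.size();
}

// Unbounded accumulator shown only for contrast: memory grows with whatever
// the peer sends, which is the resource-exhaustion shape CWE-770 describes.
std::size_t receiveUnbounded(const std::vector<std::string>& chunks) {
    std::string buf;
    for (const auto& c : chunks) buf += c;
    return buf.size();
}
```

In a real server the Content-Length pre-check and the per-chunk cap belong together: the first rejects oversized declared bodies cheaply, the second covers chunked transfer and peers that lie about the declared length. A connection-count limit per source is the complementary control for the "many connections" variant of the same weakness.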

The Monero project mitigated this vulnerability via commit ec74ff4a3d3ca38b7912af680209a45fd1701c3d, available at https://github.com/monero-project/monero/commit/ec74ff4a3d3ca38b7912af680209a45fd1701c3d, which introduces the necessary response limits. Security practitioners should update affected Monero nodes to a version incorporating this commit or later to prevent exploitation.

Details

CWE(s): CWE-770 Allocation of Resources Without Limits or Throttling

Affected Products: getmonero monero, versions ≤ 0.18.3.4

CVEs Like This One

CVE-2026-33256 (shared CWE-770)
CVE-2026-26313 (shared CWE-770)
CVE-2025-27219 (shared CWE-770)
CVE-2026-24458 (shared CWE-770)
CVE-2025-68136 (shared CWE-770)
CVE-2026-3260 (shared CWE-770)
CVE-2026-34513 (shared CWE-770)
CVE-2026-5438 (shared CWE-770)
CVE-2025-21521 (shared CWE-770)
CVE-2026-29772 (shared CWE-770)
