CVE-2025-55058
Published: 17 November 2025
Summary
CVE-2025-55058 is a medium-severity Improper Input Validation (CWE-20) vulnerability in Maxum Rumpus. Its CVSS base score is 4.5 (Medium).
Operationally, ranked at the 18.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires the system to validate information inputs, comprehensively addressing the CWE-20 improper input validation at the root of this CVE.
Mandates timely identification, reporting, and remediation of flaws like this CVE, preventing exploitation through patching.
Protects against or limits denial-of-service effects, directly mitigating the high availability impact of this vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Insufficient information to map techniques.NVD Description
CWE-20 Improper Input Validation
Deeper analysisAI
CVE-2025-55058 is a vulnerability classified under CWE-20 (Improper Input Validation), with an additional NVD-CWE-noinfo notation. It carries a CVSS v3.1 base score of 4.5, reflecting a moderate severity rating. The specific software or component affected is not detailed in the provided information.
The vulnerability can be exploited over the network (AV:N) with low attack complexity (AC:L), but requires high privileges (PR:H) and user interaction (UI:R). Exploitation has no impact on confidentiality or integrity (C:N/I:N), unchanged scope (S:U), but results in high impact to availability (A:H), potentially enabling denial-of-service conditions.
Advisories related to this CVE can be found at https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0, which may provide further details on patches or mitigation steps. The CVE was published on 2025-11-17T18:15:57.543.
Details
- CWE(s)