Cyber Resilience

CVE-2025-55058

Medium

Published: 17 November 2025

Modified: 24 November 2025
KEV Added
Patch
CVSS Score v3.1: 4.5 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H)
EPSS Score: 0.0006 (18.5th percentile)
Risk Priority: 9 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-55058 is a medium-severity Improper Input Validation (CWE-20) vulnerability in Maxum Rumpus. Its CVSS base score is 4.5 (Medium).

Operationally, it ranks at the 18.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-55058 is a vulnerability classified under CWE-20 (Improper Input Validation), with an additional NVD-CWE-noinfo notation. It carries a CVSS v3.1 base score of 4.5, reflecting a moderate severity rating. The specific component affected within Maxum Rumpus is not detailed in the provided information.

The vulnerability can be exploited over the network (AV:N) with low attack complexity (AC:L), but requires high privileges (PR:H) and user interaction (UI:R). Exploitation leaves scope unchanged (S:U) and has no impact on confidentiality or integrity (C:N/I:N), but has a high impact on availability (A:H), potentially enabling denial-of-service conditions.

Advisories related to this CVE can be found at https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0, which may provide further details on patches or mitigation steps. The CVE was published on 2025-11-17T18:15:57.543.

Vulnerability details

CWE(s): CWE-20 Improper Input Validation

Related Threats

MITRE ATT&CK Enterprise Techniques AI

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-55055 (same product: Maxum Rumpus)
CVE-2026-2750 (shared CWE-20)
CVE-2026-22862 (shared CWE-20)
CVE-2025-27224 (shared CWE-20)
CVE-2026-21268 (shared CWE-20)
CVE-2025-21234 (shared CWE-20)
CVE-2026-22868 (shared CWE-20)
CVE-2025-12907 (shared CWE-20)
CVE-2025-71003 (shared CWE-20)
CVE-2026-28860 (shared CWE-20)

Affected Assets

Vendor: maxum
Product: rumpus
Version: 9.0.12

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires the system to validate information inputs, comprehensively addressing the CWE-20 improper input validation at the root of this CVE.

prevent

Mandates timely identification, reporting, and remediation of flaws like this CVE, preventing exploitation through patching.

prevent · detect

Protects against or limits denial-of-service effects, directly mitigating the high availability impact of this vulnerability.
