Cyber Posture

CVE-2025-70030

High

Published: 09 March 2026

Modified: 01 April 2026
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0006 (17.4th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-70030 is a high-severity Inefficient Regular Expression Complexity (CWE-1333) vulnerability in Sunbird Sunbirded-Portal. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 17.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004).

Threat & Defense Details

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

ReDoS vulnerability (CWE-1333) in a public-facing web portal directly enables remote unauthenticated exploitation of application code to exhaust resources and deny service (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.

Deeper analysis

CVE-2025-70030 is a vulnerability corresponding to CWE-1333 (Inefficient Regular Expression Complexity, version 4.19) in Sunbird-Ed SunbirdEd-portal version 1.13.4. Published on 2026-03-09, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating a high-severity issue primarily impacting availability.

Unauthenticated attackers can exploit this vulnerability remotely over the network with low attack complexity and no user interaction required. Exploitation triggers inefficient regular expression processing, leading to a denial-of-service condition through resource exhaustion, without compromising confidentiality or integrity.

Mitigation details are available in referenced resources, including a GitHub Gist at https://gist.github.com/zcxlighthouse/d80812b9d90683c0ac65db656ae3cfb0 and the project's repositories at https://github.com/Sunbird-Ed and https://github.com/Sunbird-Ed/SunbirdEd-portal. Security practitioners should consult these for patch information or workarounds specific to SunbirdEd-portal v1.13.4.

Details

CWE(s)

Affected Products

Vendor: sunbird
Product: sunbirded-portal
Version: 1.13.4

CVEs Like This One

CVE-2025-70028: Same product (Sunbird Sunbirded-Portal)
CVE-2025-70031: Same product (Sunbird Sunbirded-Portal)
CVE-2025-70027: Same product (Sunbird Sunbirded-Portal)
CVE-2025-70029: Same product (Sunbird Sunbirded-Portal)
CVE-2026-28356: Shared CWE-1333
CVE-2026-22178: Shared CWE-1333
CVE-2026-1388: Shared CWE-1333
CVE-2026-23897: Shared CWE-1333
CVE-2026-4867: Shared CWE-1333
CVE-2026-35213: Shared CWE-1333
