Cyber Resilience

CVE-2025-70047

HighDDoS

Published: 09 March 2026

Published
09 March 2026
Modified
13 March 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0006 18.6th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-70047 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Nexus Nexusinterface. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 18.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SC-6 (Resource Availability).

Deeper analysis

CVE-2025-70047 is a CWE-400: Uncontrolled Resource Consumption vulnerability discovered in Nexusoft NexusInterface version 3.2.0-beta.2. This flaw allows for denial-of-service conditions through excessive resource usage, as evidenced by its CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). The vulnerability affects the NexusInterface component, a software product from Nexusoft, and was published on 2026-03-09.

Attackers can exploit this vulnerability remotely over the network without authentication or user interaction, requiring only low complexity. Successful exploitation results in high-impact availability disruption, such as crashing the service or consuming excessive CPU/memory resources, while causing no direct confidentiality or integrity impacts.

References for further details include a GitHub Gist at https://gist.github.com/zcxlighthouse/86874c6c096c6c013803ed936b79da96, along with the Nexusoft organization page at https://github.com/Nexusoft and the NexusInterface repository at https://github.com/Nexusoft/NexusInterface.

EU & UK References

Vulnerability details

An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft NexusInterface v3.2.0-beta.2.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Uncontrolled resource consumption (CWE-400) directly enables application/system exploitation for endpoint denial of service via remote unauthenticated requests that exhaust CPU/memory or crash the service.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-70048Same product: Nexus Nexusinterface
CVE-2024-56921Shared CWE-400
CVE-2026-33538Shared CWE-400
CVE-2026-0517Shared CWE-400
CVE-2026-6051Shared CWE-400
CVE-2026-21945Shared CWE-400
CVE-2026-33750Shared CWE-400
CVE-2024-33618Shared CWE-400
CVE-2025-69534Shared CWE-400
CVE-2025-29487Shared CWE-400

Affected Assets

nexus
nexusinterface
3.2.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly prevents denial-of-service events including uncontrolled resource consumption like excessive CPU or memory usage exploited remotely.

prevent

Enforces resource allocation policies and monitoring to protect against unauthorized or excessive consumption leading to availability disruption.

prevent

Restricts information inputs to mitigate resource exhaustion attacks by limiting rates, sizes, or types that trigger uncontrolled consumption in NexusInterface.

References