CVE-2025-14466

Summary

A vulnerability in the web interface of the Güralp Fortimus Series, Minimus Series and Certimus Series allows an unauthenticated attacker with network access to send specially-crafted HTTP requests that can cause the web service process to deliberately restart. Although this mechanism limits the impact of the attack, it results in a brief denial-of-service condition during the restart.

Affected Software

VendorProductVersion RangeStatus
Güralp SystemsFortimus SeriesAll versionsaffected
Güralp SystemsMinimus SeriesAll versionsaffected
Güralp SystemsCertimus SeriesAll versionsaffected

Weaknesses

  • CWE-770: CWE-770 Allocation of Resources Without Limits or Throttling

Workarounds

Güralp Systems recommends that users operate their systems behind a NAT or VPN firewall. For more information, please contact Güralp Systems.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References