CVE-2025-35435

Summary

CISA Thorium accepts a stream split size of zero then divides by this value. A remote, authenticated attacker could cause the service to crash. Fixed in commit 89101a6.

Affected Software

VendorProductVersion RangeStatus
CISAThorium1.0.0 < 89101a6affected
CISAThorium89101a6unaffected

Weaknesses

  • CWE-369: CWE-369 Divide By Zero

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References