Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 (commit 52e4b43, on 2025-05-17) allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply nested or oversized behavior data that trigger MongoDB BSON limits or orjson recursion errors when the sample executes in the sandbox.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

No data.

No data.

No data.

No data.

References
Link Providers
http://capev2.com cve-icon cve-icon
https://github.com/eGkritsis/CVE-2025-61301 cve-icon cve-icon
https://github.com/kevoreilly/CAPEv2 cve-icon cve-icon
History

Mon, 20 Oct 2025 21:00:00 +0000

Type Values Removed Values Added
Description Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 (commit 52e4b43, on 2025-05-17) allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply nested or oversized behavior data that trigger MongoDB BSON limits or orjson recursion errors when the sample executes in the sandbox.
References
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-10-20T20:45:12.409Z

Reserved: 2025-09-26T00:00:00.000Z

Link: CVE-2025-61301

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-10-20T21:15:38.203

Modified: 2025-10-20T21:15:38.203

Link: CVE-2025-61301

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.