CVE-2026-25962
MEDIUM
6,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Description
AI Translation Available
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs currently extracts zip files without any size or entry-count limits. For example, instructors can upload a zip file to provide an assignment configuration; students can upload a zip file for an assignment submission and indicate its contents should be extracted. This issue has been patched in version 2.9.4.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0004
Percentile
0,1th
Updated
EPSS Score Trend (Last 11 Days)
409
Improper Handling of Highly Compressed Data (Data Amplification)
IncompleteCommon Consequences
Security Scopes Affected:
Availability
Potential Impacts:
Dos: Amplification
Dos: Crash, Exit, Or Restart
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Memory)
Applicable Platforms
All platforms may be affected
Application
Markus by Markusproject
Version Range Affected
To
2.9.4
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:markusproject:markus:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/MarkUsProject/Markus/releases/tag/v2.9.4
https://github.com/MarkUsProject/Markus/security/advisories/GHSA-x8xv-j7fc-65x5