SB2025112743 - IBM App Connect Enterprise Certified Container operands update for Starlette 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025112743

SB2025112743 - IBM App Connect Enterprise Certified Container operands update for Starlette

Published: November 27, 2025

Security Bulletin ID SB2025112743
Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2025-54121)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to when parsing a multi-part form with large files (greater than the default max spool size) starlette will block the main thread to roll the file over to disk. This blocks the event thread which means the application can't accept new connections. The UploadFile code has a minor bug where instead of just checking for self._in_memory, the logic should also check if the additional bytes will cause a rollover. A remote attacker can the vulnerability and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References