4.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-3986

GHSA ID

GHSA-mvwq-hcrj-f5x9

EPSS Score

0.1719%

CWE

CWE-400

Published

4/27/2025

Updated

4/28/2025

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-3986

CVE-2025-3986:
Apereo CAS has inefficient regular expression complexity

A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. The manipulation of the argument Name leads to inefficient regular expression complexity. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

(GitHub Advisory)

4.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-3986

GHSA ID

GHSA-mvwq-hcrj-f5x9

EPSS Score

0.1719%

CWE

CWE-400

Published

4/27/2025

Updated

4/28/2025

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apereo.cas:cas-server-core-configuration-metadata-repository	maven	<= 5.2.6

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability description points to a specific file and argument (Name) in Apereo CAS 5.2.6, related to inefficient regular expression complexity. However, attempts to fetch the relevant file content for this version and the commits associated with the v5.2.6 tag failed. Without access to the source code or specific patch details, it's impossible to identify the exact vulnerable functions, their signatures, or the precise code changes that constitute the vulnerability or its fix. The available information from VulnDB and NVD describes the vulnerability at a high level but does not provide the necessary code-level details for this analysis.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* vuln*r**ility w*s *oun* in *p*r*o **S *.*.*. It **s ***n ***l*r** *s pro*l*m*ti*. T*is vuln*r**ility *****ts unknown *o** o* t** *il* **s-*.*.*\*or*\**s-s*rv*r-*or*-*on*i*ur*tion-m*t***t*-r*pository\sr*\m*in\j*v*\or*\*p*r*o\**s\m*t***t*\r*st\**s*on

Reasoning

T** vuln*r**ility **s*ription points to * sp**i*i* *il* *n* *r*um*nt (`N*m*`) in *p*r*o **S *.*.*, r*l*t** to in***i*i*nt r**ul*r *xpr*ssion *ompl*xity. *ow*v*r, *tt*mpts to **t** t** r*l*v*nt *il* *ont*nt *or t*is v*rsion *n* t** *ommits *sso*i*t**

4.3

Basic Information

Concerned about an active attack path?

CVE-2025-3986: Apereo CAS has inefficient regular expression complexity

4.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2025-3986:
Apereo CAS has inefficient regular expression complexity

Vulnerability Intelligence
Miggo AI