High severity · NVD Advisory · Published Jul 24, 2025 · Updated Apr 15, 2026
CVE-2025-6998
Description
A ReDoS in the strip_whitespaces() function in cps/string_helper.py in Calibre Web and Autocaliweb allows unauthenticated remote attackers to cause a denial of service via a specially crafted username parameter that triggers catastrophic backtracking during login. This issue affects Calibre Web: 0.6.24 (Nicolette); Autocaliweb: from 0.7.0 before 0.7.1.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| calibreweb (PyPI) | <= 0.6.24 | — |
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-2g7m-ph9x-7q7m (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-6998 (ghsa, ADVISORY)
- fluidattacks.com/advisories/megadeth (nvd, WEB)