Skip to main content

Early Access — Mondoo Vulnerability Intelligence is currently in preview.

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CVE-2025-53636 | Mondoo Vulnerability Intelligence

CVE-2025-53636

MEDIUM5.4

Open OnDemand Shell App closed websocket DoS

Published Jul 11, 2025

Modified 6 months ago

No fix available

Details

Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service (DoS) to the ondemand system. This vulnerability is fixed in 3.1.14 and 4.0.6.

References

WEBhttps://github.com/OSC/ondemand/commit/40800d68cd019c5f1c48b2deafebba6dff4abee2 WEBhttps://github.com/OSC/ondemand/commit/96f29b995e1add7562516614e4dc8d961987e8b4 WEBhttps://github.com/OSC/ondemand/security/advisories/GHSA-x5xv-fw37-v524 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2025-53636

CVSS Analysis

CVSS v3.1

5.4

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

LowI:L

Availability

LowA:L

5.4/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Weakness Type (CWE)

Other

Resource Management

Resource Exhaustion

Ecosystems

Timeline

PublishedJul 11, 2025

ModifiedJul 14, 2025