231 matches found

IBM Security Bulletins
added 2026/04/15 11:57 a.m., 3 views

Security Bulletin: Rhino CVE-2025-66453 security vulnerability in FileNet Content Manager

Summary: Rhino CVE-2025-66453 security vulnerability in FileNet Content Manager. Affected and vulnerable Vulnerability Details: CVEID: CVE-2025-66453 DESCRIPTION: Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an applicatio...

CVSS 7.5, AI score 6.7, EPSS 0.00115
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/03/30 5:52 a.m., 4 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to rhino

Summary: IBM webMethods BPM uses rhino to embed a JavaScript engine for executing internal scripts related to business logic and configuration. Vulnerability Details: CVEID: CVE-2025-66453 DESCRIPTION: Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1,...

CVSS 7.5, AI score 6.8, EPSS 0.00115
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/03/25 1:4 p.m., 3 views

Security Bulletin: IBM DevOps Build addresses multiple vulnerabilities.

Summary: IBM DevOps Build 7.1.0.3 addresses multiple vulnerabilities. Vulnerability Details: CVEID: CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the io.netty.handler.codec.http.HttpRequestEncoder...

CVSS 9.1, AI score 6.2, EPSS 0.00163
Exploits: 2, Affected Software: 1

OpenVAS
added 2026/03/09 12:0 a.m., 0 views

SUSE: Security Advisory (SUSE-SU-2026:20603-1)

The remote host is missing an update for the...

CVSS 7.5, AI score 6.7, EPSS 0.00115
Exploits: 0, References: 4

Tenable Nessus
added 2026/03/06 12:0 a.m., 2 views

openSUSE 16 Security Update : rhino (openSUSE-SU-2026:20297-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20297-1 advisory. Update to 1.7.15.1: - CVE-2025-66453: Fixed a problem with formatting of floating-point numbers to strings that may result in DoS bsc1254481. Tenable ha...

CVSS 7.5, AI score 6.8, EPSS 0.00115
Exploits: 0, References: 3

Tenable Nessus
added 2026/03/06 12:0 a.m., 2 views

SUSE SLES16 Security Update : rhino (SUSE-SU-2026:20603-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:20603-1 advisory. Update to 1.7.15.1: - CVE-2025-66453: Fixed a problem with formatting of floating-point numbers to strings that may result in DoS bsc125448...

CVSS 7.5, AI score 6.7, EPSS 0.00115
Exploits: 0, References: 4

OSV
added 2026/03/02 4:0 p.m., 2 views

SUSE-SU-2026:20603-1 Security update for rhino

This update for rhino fixes the following issues: Update to 1.7.15.1: - CVE-2025-66453: Fixed a problem with formatting of floating-point numbers to strings that may result in DoS bsc1254481...

CVSS 7.5, AI score 5.8, EPSS 0.00115
Exploits: 0, References: 3

OSV
added 2026/03/02 4:0 p.m., 0 views

OPENSUSE-SU-2026:20297-1 Security update for rhino

This update for rhino fixes the following issues: Update to 1.7.15.1: - CVE-2025-66453: Fixed a problem with formatting of floating-point numbers to strings that may result in DoS bsc1254481...

CVSS 7.5, AI score 5.8, EPSS 0.00115
Exploits: 0, References: 2

IBM Security Bulletins
added 2026/03/02 10:5 a.m., 5 views

Security Bulletin: There is a vulnerability in rhino-1.7.15.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-66453)

Summary: There is a vulnerability in rhino-1.7.15.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details: CVEID: CVE-2025-66453 DESCRIPTION: Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1...

CVSS 7.5, AI score 6, EPSS 0.00115
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2026/02/17 10:9 p.m., 9 views

Security Bulletin: IBM i is affected by denial of service vulnerabilities in Db2 JSON Store Technology Preview [CVE-2025-66453]

Summary: Db2 for IBM i JSON Store Technology Preview is vulnerable to a denial of service when using the toFixed function CVE-2025-66453 as described in the vulnerability details section. Vulnerability Details: CVEID: CVE-2025-66453 DESCRIPTION: Rhino is an open-source implementation of JavaScript...

CVSS 7.5, AI score 5.6, EPSS 0.00115
Exploits: 0, Affected Software: 4

IBM Security Bulletins
added 2026/02/16 5:36 a.m., 5 views

Security Bulletin: Due to use of Rhino JAR, IBM Sterling Connect:Direct Web Services is affected by high CPU consumption and a potential Denial of Service issue.

Summary: rhino-1.7R4.jar is used by IBM Sterling Connect:Direct Web Services CVE-2025-66453. Vulnerability Details: CVEID: CVE-2025-66453 DESCRIPTION: Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an...

CVSS 7.5, AI score 5.6, EPSS 0.00115
Exploits: 0, Affected Software: 1

CBLMariner
added 2026/01/13 1:11 a.m., 4 views

CVE-2025-66453 affecting package rhino for versions less than 1.7.15.1-1

CVE-2025-66453 affecting package rhino for versions less than 1.7.15.1-1. An upgraded version of the package is available that resolves this issue...

CVSS 7.5, AI score 6.9, EPSS 0.00115
Exploits: 0

RedhatCVE
added 2026/01/09 11:51 a.m., 6 views

CVE-2009-4873

Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service server crash or execute arbitrary code via a long Session cookie...

CVSS 10, AI score 8.4, EPSS 0.60236
Exploits: 1, References: 1

Tenable Nessus
added 2026/01/08 12:0 a.m., 4 views

Amazon Linux 2023 : rhino, rhino-engine, rhino-javadoc (ALAS2023-2025-1339)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1339 advisory. Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating-point number into the...

CVSS 7.5, AI score 5.4, EPSS 0.00115
Exploits: 0, References: 4

Amazon
added 2026/01/07 12:0 a.m., 4 views

Medium: rhino

Issue Overview: Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating-point number into the toFixed function, it might lead to high CPU consumption and a potential Denial of...

CVSS 6.9, AI score 6.7, EPSS 0.00115
Exploits: 0

OpenVAS
added 2025/12/15 12:0 a.m., 2 views

openSUSE Security Advisory (SUSE-SU-2025:4390-1)

The remote host is missing an update for the...

CVSS 7.5, AI score 6.7, EPSS 0.00115
Exploits: 0, References: 4

OpenVAS
added 2025/12/15 12:0 a.m., 0 views

SUSE: Security Advisory (SUSE-SU-2025:4390-1)

The remote host is missing an update for the...

CVSS 7.5, AI score 6.7, EPSS 0.00115
Exploits: 0, References: 4

RedhatCVE
added 2025/12/13 8:2 p.m., 1 views

CVE-2025-66453

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating-point number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small...

CVSS 6.9, AI score 6.7, EPSS 0.00115
Exploits: 0, References: 1

Veracode
added 2025/12/13 4:23 a.m., 4 views

Denial Of Service

rhino is vulnerable to a Denial of Service. The vulnerability is due to improper handling of attacker-controlled floating-point values in the toFixed function, where small or specially crafted numbers trigger an expensive call chain that attempts to raise 5 to an extremely large power, and...

CVSS 7.5, AI score 6.5, EPSS 0.00115
Exploits: 0, References: 4, Affected Software: 1

Tenable Nessus
added 2025/12/13 12:0 a.m., 2 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : rhino (SUSE-SU-2025:4390-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4390-1 advisory. Update to version 1.7.15.1. Security issues fixed: - CVE-2025-66453: high CPU consumption when processing...

CVSS 7.5, AI score 5.5, EPSS 0.00115
Exploits: 0, References: 4