CISA Thorium Unauthenticated Remote Crash Vulnerability via Email Error Handling
Vulnerability
CISA Thorium 1.0.0, in versions prior to 6a65a27, improperly handles errors related to account verification emails by calling '.unwrap()' on them. An unauthenticated remote attacker can cause a crash by sending a specially crafted email address or response.
Impact
Exploitation of this vulnerability leads to a crash of the CISA Thorium application.
Remediation
This vulnerability has been fixed in CISA Thorium version 6a65a27.
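The pattern behind this class of bug, as an added example: this is not Thorium's code or its actual fix, and every name in it (parse_mailbox, send, MailError, the ".invalid" rejection rule) is a hypothetical stand-in. In Rust, '.unwrap()' on an Err value panics, so any input that makes the mail path fail takes the handler down; propagating the error with '?' lets the caller reject the request instead.

```rust
// Added illustration; not Thorium source. All names are hypothetical.
use std::panic;

#[derive(Debug, PartialEq)]
enum MailError { Malformed, Rejected }

// Minimal address check standing in for a mail library's parser (assumption).
fn parse_mailbox(addr: &str) -> Result<(&str, &str), MailError> {
    let (local, domain) = addr.split_once('@').ok_or(MailError::Malformed)?;
    if local.is_empty() || domain.is_empty()
        || addr.chars().any(|c| c.is_control() || c == ' ') {
        return Err(MailError::Malformed);
    }
    Ok((local, domain))
}

// Stand-in for the SMTP send; a constructed rule simulates a server rejection.
fn send(domain: &str) -> Result<(), MailError> {
    if domain.ends_with(".invalid") { Err(MailError::Rejected) } else { Ok(()) }
}

// Pattern described in the advisory: every Err becomes a panic.
fn send_verification_unwrap(addr: &str) {
    let (_, domain) = parse_mailbox(addr).unwrap();
    send(domain).unwrap();
}

// Hardened form: errors propagate to the caller, which can return an
// error response instead of crashing.
fn send_verification_checked(addr: &str) -> Result<(), MailError> {
    let (_, domain) = parse_mailbox(addr)?;
    send(domain)
}

// True if the unwrap-based handler panics for this input.
fn unwrap_version_panics(addr: &str) -> bool {
    panic::catch_unwind(|| send_verification_unwrap(addr)).is_err()
}

fn main() {
    // Constructed sample inputs.
    for addr in ["user@example.org", "no-at-sign", "user@mail.invalid"] {
        println!("{:?}: checked={:?} unwrap_panics={}",
                 addr, send_verification_checked(addr), unwrap_version_panics(addr));
    }
}
```

When auditing a Rust service for the same issue, the places to look are '.unwrap()' and '.expect()' calls on values derived from request data or from an external service's reply.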
Added: Sep 17, 2025, 5:19 PM
Updated: Sep 17, 2025, 5:19 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 5.8
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
