Progress Telerik UI for AJAX
cpe:2.3:a:telerik:ui_for_asp.net_ajax:*:*:*:*:*:*:*
- >= 2011.2.712, <= 2025.1.218
A denial-of-service vulnerability has been identified in Progress Telerik UI for AJAX, affecting versions 2011.2.712 prior to 2025.1.218. The issue arises from an unsafe reflection vulnerability that allows an attacker to send a specially crafted request, triggering an unhandled exception. This exception causes a crash of the hosting process, leading to a denial-of-service condition while the application is restarting.
Exploitation of this vulnerability causes an unhandled exception that crashes the hosting process, leading to a denial-of-service condition while the application is restarting.
Users are advised to upgrade to Progress Telerik UI for AJAX version 2025.1.416 or later. For those using 2024 Q2 or later but unable to upgrade the project, an assembly binding redirect can be applied. If an immediate upgrade is not possible, the vulnerability can be mitigated using the HTTP Request Filtering Module or URL Rewrite approaches.