CVE-2025-61728

CVE Details

Visit the official vulnerability details page for CVE-2025-61728 to learn more.

Initial Publication

01/28/2026

Last Update

02/06/2026

Third Party Dependency

NIST CVE Summary

archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.

CVE Severity

6.5

Our Official Summary

Investigation is ongoing to determine how this vulnerability affects our products.

Status

Analyzed

Affected Products & Versions

Version	PaletteAI	PaletteAI VerteX
0.7.1	⚠️ Impacted	⚠️ Impacted
0.6.6	⚠️ Impacted	⚠️ Impacted
0.5.11	⚠️ Impacted	⚠️ Impacted

Revision History

No revisions available.

CVE Details​

Initial Publication​

Last Update​

Third Party Dependency​

NIST CVE Summary​

CVE Severity​

Our Official Summary​

Status​

Affected Products & Versions​

Revision History​