Critical Vulnerability Information

Vulnerability Title: Unrestricted setPerPage allows huge result sets / resource exhaustion / mass log retrieval
Report ID: #3413890
Report Time: November 6, 2025, 8:45 AM UTC
Reporter: vidang04
Target Product: Revive Adserver
Severity: Medium (6.5)
CVE ID: CVE-2025-55128

Description

The query parameter controls pagination for the log viewer but is not validated or capped on the server. An attacker can supply an extremely large numeric value (for example, ), and the application will attempt to honor that value when building the result set. This can lead to excessive database processing, large response sizes, application slowdowns, and may enable bulk retrieval of log entries.

Steps

1. Authenticate as a user with access to the log viewer.
2. The values normally range from 10 to 100. However, setting to 300 still results in the site returning results.

Vulnerability Type

Allocation of Resources Without Limits or Throttling
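A server-side cap of the kind the description says is missing, as an added example that is not Revive Adserver code or its actual fix. It assumes the parameter is the setPerPage named in the title and takes the 10 to 100 bounds from the steps above; the function and constant names are hypothetical.

```php
<?php
// Added illustration, not Revive Adserver code. The 10..100 bounds come from
// the report's "normally range from 10 to 100"; all names are hypothetical.
const PER_PAGE_MIN = 10;
const PER_PAGE_MAX = 100;
const PER_PAGE_DEFAULT = 10;

/**
 * Turn an untrusted page-size value into a bounded integer for LIMIT.
 * 'clamped' is true when the request was outside policy, so the caller
 * can log it as a possible probing or bulk-retrieval attempt.
 */
function boundedPerPage(array $query): array
{
    $raw = $query['setPerPage'] ?? PER_PAGE_DEFAULT;
    // is_scalar() rejects array input such as setPerPage[]=1; filter_var()
    // returns false for non-numeric strings and for integers that overflow.
    $size = is_scalar($raw) ? filter_var($raw, FILTER_VALIDATE_INT) : false;
    $limit = ($size === false)
        ? PER_PAGE_DEFAULT
        : max(PER_PAGE_MIN, min(PER_PAGE_MAX, $size));
    return ['limit' => $limit, 'clamped' => ($size !== $limit)];
}

// Constructed request values, including the 300 from the report's steps.
$samples = [
    [],
    ['setPerPage' => '50'],
    ['setPerPage' => '300'],
    ['setPerPage' => '-1'],
    ['setPerPage' => '99999999999999999999'],
    ['setPerPage' => ['1']],
    ['setPerPage' => '10 OR 1=1'],
];

foreach ($samples as $query) {
    $result = boundedPerPage($query);
    if ($result['clamped']) {
        // json_encode() escapes control characters, keeping the log line intact.
        error_log('page size outside policy: ' . json_encode($query));
    }
    // Only the bounded integer should ever reach the query's LIMIT clause.
    printf(
        "%-42s -> LIMIT %d%s\n",
        json_encode($query),
        $result['limit'],
        $result['clamped'] ? ' (clamped)' : ''
    );
}
```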