Security Advisories

CGA-c9h7-9vhr-w3jj

Published

Last updated

https://images.chainguard.dev/security/CGA-c9h7-9vhr-w3jj
Package

camunda-zeebe-8.6

Repository

Chainguard

Latest Update
Pending upstream fix
Aliases
  • CVE-2025-41242
  • GHSA-r936-gwx5-v52f

Severity

Unknown

References

  • https://nvd.nist.gov/vuln/detail/CVE-2025-41242

Updates

Status

Pending upstream fix

Impact

The remediation attempt began by upgrading spring-webmvc to 6.2.10. The build completed successfully, but the application failed at startup due to an incompatibility with the existing spring-boot version (3.3.11). A subsequent upgrade of spring-boot to 3.4.7 also failed, this time at build time. This indicates an upstream dependency misalignment between Spring Boot and Spring WebMVC. Upstream must resolve these versioning inconsistencies before we can successfully upgrade and remediate the vulnerability.

Status

Under investigation


© 2025 Chainguard. All Rights Reserved.