CVE-2025-2240

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-2240

CGA ID

CGA-mm5q-58w8-7rwv

Severity

Unknown

Summary

SmallRye Fault Tolerance out-of-memory (OOM) issue

Description

A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue.

References

https://images.chainguard.dev/security/CGA-mm5q-58w8-7rwv
https://github.com/advisories/GHSA-gfh6-3pqw-x2j4
https://nvd.nist.gov/vuln/detail/CVE-2025-2240
https://github.com/smallrye/smallrye-fault-tolerance/pull/985
https://github.com/smallrye/smallrye-fault-tolerance/pull/985/files#diff-88c4a089e0cb88e4bdf285490e2617c29b9979a778e33957e4448260e286b91aR299
https://github.com/smallrye/smallrye-fault-tolerance/commit/e8bcad3d5e8bbac0a3219bd5c13661adf6ed6bbb
https://access.redhat.com/errata/RHSA-2025:3376
https://access.redhat.com/errata/RHSA-2025:3541
https://access.redhat.com/security/cve/CVE-2025-2240
https://bugzilla.redhat.com/show_bug.cgi?id=2351452
https://github.com/smallrye/smallrye-fault-tolerance
https://smallrye.io/blog/fault-tolerance-6-9-0

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2025-2240

Severity

Summary

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources