CVE-2025-23184

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-23184

Severity

7.5

High

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).

References

https://nvd.nist.gov/vuln/detail/CVE-2025-23184
https://github.com/advisories/GHSA-fh5r-crhr-qrrq
https://www.vicarius.io/vsociety/posts/cve-2025-23184-detect-apache-cxf-vulnerability
https://www.vicarius.io/vsociety/posts/cve-2025-23184-mitigate-apache-cxf-vulnerability
https://security.netapp.com/advisory/ntap-20250214-0003/
https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122
http://www.openwall.com/lists/oss-security/2025/01/20/3

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2025-23184

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company