Denial of Service Vulnerability in Apache CXF Software
CVE-2025-23184
What is CVE-2025-23184?
A vulnerability in Apache CXF could lead to denial of service due to unclosed CachedOutputStream instances. This issue may arise in specific scenarios where these instances, when tied to temporary files, fail to close properly. As a result, the affected systems—both servers and clients—could experience file system saturation, potentially hindering their operational capabilities.

Affected Version(s)
Apache CXF 0 < 3.5.10
Apache CXF 3.6.0 < 3.6.5
Apache CXF 4.0.0 < 4.0.6
News Articles
Apache CXF Vulnerability Triggers DoS Attack
Colm O hEigeartaigh announced a critical vulnerability affecting various versions of Apache CXF, a widely used framework for building web services.
Timeline
- First article discovered by GBHackers News
Vulnerability published
Vulnerability Reserved