Denial of Service Vulnerability in Apache CXF Software
CVE-2025-23184

5.9 MEDIUM

Key Information:

Vendor: Apache
CVE Published: 21 January 2025

Badges

📰 News Worthy

Summary

A vulnerability in Apache CXF could lead to denial of service due to unclosed CachedOutputStream instances. This issue may arise in specific scenarios where these instances, when tied to temporary files, fail to close properly. As a result, the affected systems—both servers and clients—could experience file system saturation, potentially hindering their operational capabilities.

Affected Version(s)

Apache CXF 0 < 3.5.10

Apache CXF 3.6.0 < 3.6.5

Apache CXF 4.0.0 < 4.0.6

News Articles

Apache CXF Vulnerability Triggers DoS Attack

Colm O hEigeartaigh announced a critical vulnerability affecting various versions of Apache CXF, a widely-used framework for building web services.

2 weeks ago

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by GBHackers News

  • Vulnerability published

  • Vulnerability Reserved
