Denial of Service Vulnerability in Apache CXF Software
CVE-2025-23184

7.5 HIGH

Key Information:

Vendor: Apache

CVE Published: 21 January 2025

Badges

📰 News Worthy

What is CVE-2025-23184?

A vulnerability in Apache CXF could lead to denial of service due to unclosed CachedOutputStream instances. This issue may arise in specific scenarios where these instances, when tied to temporary files, fail to close properly. As a result, the affected systems—both servers and clients—could experience file system saturation, potentially hindering their operational capabilities.

Affected Version(s)

Apache CXF 0 < 3.5.10

Apache CXF 3.6.0 < 3.6.5

Apache CXF 4.0.0 < 4.0.6

News Articles

Apache CXF Vulnerability Triggers DoS Attack

Colm O hEigeartaigh announced a critical vulnerability affecting various versions of Apache CXF, a widely-used framework for building web services.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by GBHackers News

  • Vulnerability published

  • Vulnerability Reserved
