Password Hash Exposure in Develocity by Gradle
CVE-2025-24858

8.3 HIGH

Key Information:

Vendor: Gradle
CVE Published: 26 January 2025

What is CVE-2025-24858?

A vulnerability exists in Develocity (formerly known as Gradle Enterprise) that allows attackers with network access to retrieve the hashed password of a system user. Although the hashing algorithm employed by Develocity conforms to recognized best practices for password security, it may still be susceptible to brute-force attacks, particularly if the system user has a weak password. The risk of exploitation depends on the access level of the Develocity server, highlighting the importance of securing the server against unauthorized access.

Affected Version(s)

Enterprise 2020.4 < 2024.1.9

Enterprise 2024.2 < 2024.2.7

Enterprise 2024.3 < 2024.3.1

CVSS V4

Score: 8.3
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
