Vulnerability in Pekko Management's Basic Authentication Setup
CVE-2025-46548

6.5MEDIUM

Key Information:

Vendor

Apache

Vendor
CVE Published:
3 June 2025

What is CVE-2025-46548?

A vulnerability in Pekko Management can lead to unauthorized access when Basic Authentication is enabled via the Java DSL. The authenticator might not be correctly applied, creating potential security risks. Users are strongly advised to ensure that Management API ports are restricted to trusted users and to upgrade to version 1.1.1, where this issue has been resolved. For further information, refer to the relevant patches and vendor advisory.

Affected Version(s)

Apache Pekko Management 1.0.0 < 1.1.1

Apache Pekko Management 1.0.0 < 1.1.1

Apache Pekko Management 1.0.0 < 1.1.1

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Per-Ivar Bakke of GE Vernova
.