Vulnerability in Pekko Management's Basic Authentication Setup
CVE-2025-46548

6.5MEDIUM

Key Information:

Vendor: Apache
Status: Apache Pekko Management; Akka Management
Vendor: CVE Published:; 3 June 2025

What is CVE-2025-46548?

A vulnerability in Pekko Management can lead to unauthorized access when Basic Authentication is enabled via the Java DSL. The authenticator might not be correctly applied, creating potential security risks. Users are strongly advised to ensure that Management API ports are restricted to trusted users and to upgrade to version 1.1.1, where this issue has been resolved. For further information, refer to the relevant patches and vendor advisory.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Akka Management 0 < 1.6.1

References

https://github.com/apache/pekko-management/pull/418

patch

https://github.com/akka/akka-management/pull/1385

https://lists.apache.org/thread/tnd84hj9w0ggjcft6cp12q67d...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 3, 2025
Vulnerability Reserved
Apr 24, 2025

Credit

Per-Ivar Bakke of GE Vernova

JSON

Apache