oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2025-23184: Apache CXF: Denial of Service vulnerability with temporary files

From: Colm O hEigeartaigh <coheigea () apache org>
Date: Mon, 20 Jan 2025 15:24:18 +0000
Affected versions:

- Apache CXF before 3.5.10
- Apache CXF 3.6.0 before 3.6.5
- Apache CXF 4.0.0 before 4.0.6

Description:

A potential denial of service vulnerability is present in versions of
Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the
CachedOutputStream instances may not be closed and, if backed by
temporary files, may fill up the file system (it applies to servers
and clients).

This issue is being tracked as CXF-7396

References:

https://cxf.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-23184
https://issues.apache.org/jira/browse/CXF-7396
Previous By Date Next
Previous By Thread Next

Current thread: