Description

A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).

INFO

Published Date :

2025-01-21T09:35:37.468Z

Last Modified :

2025-12-15T15:58:16.867Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2025-23184 vulnerability.

Vendors Products
Apache
  • Cxf
Redhat
  • Jboss Enterprise Application Platform
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-23184.

URL Resource
http://www.openwall.com/lists/oss-security/2025/01/20/3 cve-icon
https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122 cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-23184 cve-icon
https://security.netapp.com/advisory/ntap-20250214-0003/ cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-23184 cve-icon
https://www.vicarius.io/vsociety/posts/cve-2025-23184-detect-apache-cxf-vulnerability cve-icon
https://www.vicarius.io/vsociety/posts/cve-2025-23184-mitigate-apache-cxf-vulnerability cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact