Description

Develocity (formerly Gradle Enterprise) before 2024.3.1 allows an attacker who has network access to a Develocity server to obtain the hashed password of the system user. The hash algorithm used by Develocity was chosen according to best practices for password storage and provides some protection against brute-force attempts. The applicable severity of this vulnerability depends on whether a Develocity server is accessible by external or unauthorized users, and the complexity of the System User password.

INFO

Published Date: 2025-01-26T00:00:00.000Z
Last Modified: 2025-02-12T20:01:14.275Z
Source: mitre

AFFECTED PRODUCTS

The following products are affected by the CVE-2025-24858 vulnerability.

Vendors: Gradle
Products: Enterprise
