Description

Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually.

INFO

Published Date :

2025-02-10T21:57:28.730Z

Last Modified :

2025-04-16T15:37:17.191Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-24970 vulnerability.

Vendors Products
Netapp
  • Active Iq Unified Manager
  • Oncommand Insight
Netty
  • Netty
Redhat
  • Amq Streams
  • Apache Camel Hawtio
  • Apache Camel Spring Boot
  • Camel K
  • Camel Quarkus
  • Jboss Data Grid
  • Jboss Enterprise Application Platform
  • Openshift Ai
  • Quarkus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-24970.

URL Resource
https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4 cve-icon cve-icon cve-icon
https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw cve-icon cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-24970 cve-icon
https://security.netapp.com/advisory/ntap-20250221-0005/ cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-24970 cve-icon
https://www.vicarius.io/vsociety/posts/cve-2025-24970-netty-vulnerability-detection cve-icon
https://www.vicarius.io/vsociety/posts/cve-2025-24970-netty-vulnerability-mitigation cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact