Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-2240

Good to know:

icon
icon

Date: March 12, 2025

A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue.

Severity Score

Related Resources (13)

https://access.redhat.com/errata/RHSA-2025:3376
https://access.redhat.com/errata/RHSA-2025:3541
https://smallrye.io/blog/fault-tolerance-6-9-0
https://bugzilla.redhat.com/show_bug.cgi?id=2351452
https://github.com/smallrye/smallrye-fault-tolerance/pull/985
https://nvd.nist.gov/vuln/detail/CVE-2025-2240
https://github.com/smallrye/smallrye-fault-tolerance/commit/e8bcad3d5e8bbac0a3219bd5c13661adf6ed6bbb
https://github.com/smallrye/smallrye-fault-tolerance/pull/985/files#diff-88c4a089e0cb88e4bdf285490e2617c29b9979a778e33957e4448260e286b91aR299
https://access.redhat.com/security/cve/CVE-2025-2240
https://github.com/smallrye/smallrye-fault-tolerance
https://github.com/advisories/GHSA-gfh6-3pqw-x2j4
https://access.redhat.com/errata/RHSA-2025:3543
https://www.mend.io/vulnerability-database/CVE-2025-2240

Severity Score

Weakness Type (CWE)

Improperly Controlled Sequential Memory Allocation

CWE-1325

Top Fix

icon

Upgrade Version

Upgrade to version io.smallrye:smallrye-fault-tolerance-core:6.4.2;io.smallrye:smallrye-fault-tolerance-core:6.9.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us