Home > Vulnerability Database > CVE-2025-23184

Mend.io Vulnerability Database

CVE-2025-23184

Good to know:

Date: January 21, 2025

A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).

Severity Score

5.9

Related Resources (13)

Url: http://www.openwall.com/lists/oss-security/2025/01/20/3

Url: https://github.com/apache/cxf/pull/2048

Url: https://github.com/apache/cxf/pull/2111

Url: https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122

Url: https://github.com/apache/cxf

Url: https://security.netapp.com/advisory/ntap-20250214-0003/

Url: https://security.netapp.com/advisory/ntap-20250214-0003

Url: https://issues.apache.org/jira/browse/CXF-7396

Url: https://www.vicarius.io/vsociety/posts/cve-2025-23184-detect-apache-cxf-vulnerability

Url: https://www.vicarius.io/vsociety/posts/cve-2025-23184-mitigate-apache-cxf-vulnerability

Url: https://seclists.org/oss-sec/2025/q1/33

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-23184

Url: https://www.mend.io/vulnerability-database/CVE-2025-23184

Severity Score

5.9

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Top Fix

Upgrade Version

Upgrade to version org.apache.cxf:cxf-core:3.6.5;org.apache.cxf:cxf-core:4.0.6;org.apache.cxf:cxf-core:3.5.10

Learn More

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-23184

Good to know:

Date: January 21, 2025

Severity Score

Related Resources (13)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?