Home > Vulnerability Database > CVE-2025-24970

Mend.io Vulnerability Database

CVE-2025-24970

Good to know:

Date: February 10, 2025

Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually.

Severity Score

7.5

Related Resources (9)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-24970

Url: https://security.netapp.com/advisory/ntap-20250221-0005/

Url: https://www.vicarius.io/vsociety/posts/cve-2025-24970-netty-vulnerability-detection

Url: https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw

Url: https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4

Url: https://security.netapp.com/advisory/ntap-20250221-0005

Url: https://www.vicarius.io/vsociety/posts/cve-2025-24970-netty-vulnerability-mitigation

Url: https://github.com/netty/netty

Url: https://www.mend.io/vulnerability-database/CVE-2025-24970

Severity Score

7.5

Weakness Type (CWE)

Improper Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version io.netty:netty-handler:4.1.118.Final

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-24970

Good to know:

Date: February 10, 2025

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?