CVE-2025-25193Uncontrolled Resource Consumption in Netty

CWE-400Uncontrolled Resource ConsumptionCWE-770Allocation of Resources Without Limits or Throttling9 documents7 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 73.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
8
NettyDebian NettyMsrc Azl3 Mozjs 102.15.1-1 ON Azure Linux 3.0+5 more
Timeline
PublishedFeb 10
Latest updateJan 15

Description

Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 4.1.118.Final. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crash. A similar issue was previously reported as CVE-2024-47535. This issue was fixed, but the fix was incomplete in t

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

NVDnetty/netty< 4.1.118
debiandebian/netty

Patches

Patch: github.com

🔴Vulnerability Details

3
OSV
CVE-2025-25193: Netty, an asynchronous, event-driven network application framework, has a vulnerability in versions up to and including 42025-02-10
OSV
Denial of Service attack on windows app using Netty2025-02-10
GHSA
Denial of Service attack on windows app using Netty2025-02-10

📋Vendor Advisories

5
Oracle
Oracle Oracle Communications Risk Matrix: Security (Netty) — CVE-2025-251932026-01-15
Oracle
Oracle Oracle Analytics Risk Matrix: Analytics Server (Netty) — CVE-2025-251932025-10-15
Red Hat
netty: Denial of Service attack on windows app using Netty2025-02-10
Debian
CVE-2025-25193: netty - Netty, an asynchronous, event-driven network application framework, has a vulner...2025
Microsoft
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.2023-02-14