CVE-2025-5731

CWE-209 CWE-787 — Out-of-bounds Write6 documents6 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 91.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

RED HAT Infinispan Redhat Data Grid Redhat Jboss Enterprise Application Platform

Timeline

PublishedJun 26

Latest updateJun 27

Description

A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5red_hat/infinispan< 15.2.5

▶Mavenorg.infinispan:infinispan-cli-client16.0.0.Dev01

▶NVDredhat/data_grid8.5.4

▶NVDredhat/jboss_enterprise_application_platform7.0.0, 8.0.0+1

🔴Vulnerability Details

OSV

Infinispan CLI vulnerable to Generation of Error Message Containing Sensitive Information↗2025-06-27

▶

GHSA

Infinispan CLI vulnerable to Generation of Error Message Containing Sensitive Information↗2025-06-27

▶

CVEList

Infinispan: credential leakage in infinispan cli↗2025-06-26

▶

📋Vendor Advisories

Red Hat

infinispan: Credential Leakage in Infinispan CLI↗2025-06-26

▶

Microsoft

Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.↗2023-10-10

▶