Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAB8XdGB8U5qgWJB9DHPWFjb+GTGr_nZ8vm+RDrAqjyhD0H=_pw@mail.gmail.com>
Date: Tue, 15 Jul 2025 15:01:28 +0100
From: Colm O hEigeartaigh <coheigea@...che.org>
To: oss-security@...ts.openwall.com
Subject: CVE-2025-48795: Apache CXF: Denial of Service and sensitive data
 exposure in logs

Severity: moderate

Affected versions:

- Apache CXF 3.5.10 before 3.5.11
- Apache CXF 3.6.5 before 3.6.6
- Apache CXF 4.0.6 before 4.0.7
- Apache CXF 4.1.0 before 4.1.1

Description:

Apache CXF stores large stream based messages as temporary files on
the local filesystem. A bug was introduced which means that the entire
temporary file is read into memory and then logged. An attacker might
be able to exploit this to cause a denial of service attack by causing
an out of memory exception. In addition, it is possible to configure
CXF to encrypt temporary files to prevent sensitive credentials from
being cached unencrypted on the local filesystem, however this bug
means that the cached files are written out to logs unencrypted.

Users are recommended to upgrade to versions 3.5.11, 3.6.6, 4.0.7 or
4.1.1, which fixes this issue.

Credit:

MAUGIN Thomas https://github.com/Thom-x, Qlik (finder)

References:

https://cxf.apache.org/
https://www.cve.org/CVERecord?id=CVE-2025-48795

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.