CVE-2025-2240

HIGH Year: 2025
CVSS v3 Score
7.5
High
Weakness Type
CWE-1325
View all →

Vulnerability Description

A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue.

Related Vulnerabilities

CVE-2021-43174

HIGH
CVSS:7.5(High)

NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-...

CWE-13252021

CVE-2024-27796

HIGH
CVSS:8.1(High)

The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to elevate privileges.

CWE-13252024

CVE-2024-2511

MEDIUM
CVSS:5.9(Medium)

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to tr...

CWE-13252024

CVE-2024-27796

HIGH
CVSS:8.1(High)

The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to elevate privileges.

CWE-13252024

CVE-2021-43174

HIGH
CVSS:7.5(High)

NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This encoding can be used by an RRDP repository to cause an out-of-...

CWE-13252021

CVE-2024-2511

MEDIUM
CVSS:5.9(Medium)

Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary: An attacker may exploit certain server configurations to tr...

CWE-13252024