Vulnerability

CVE-2025-22227

 Report advisory or correction

CVSS Score 5.9 medium

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CWE

CWE-200

References

https://github.com/advisories/GHSA-4q2v-9p7v-3v22
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-22227

[CVE-2025-22227] CWE-200: Information Exposure

Description

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.

See io.projectreactor.netty/reactor-netty-http package information