Vulnerability

CVE-2025-23184

 Report advisory or correction

CVSS Score 7.5 high

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400

References

https://cxf.apache.org/security-advisories.data/CVE-2025-23184.txt?version=2&modificationDate=1737381863000&api=v2
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2025-23184

[CVE-2025-23184] CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

Description

A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).