CVE-2025-23184

Summary

A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache CXF0 < 3.5.10affected
Apache Software FoundationApache CXF3.6.0 < 3.6.5affected
Apache Software FoundationApache CXF4.0.0 < 4.0.6affected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References