CVE-2025-2529

Summary

Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from (malicious) external parties in an unfiltered/unsalted way.

Affected Software

VendorProductVersion RangeStatus
IBMTerracotta10.15.0 <= 10.15.0 IF23affected
IBMTerracotta11.1.0 <= 11.1.0 IF5affected

Weaknesses

  • CWE-228: CWE-228 Improper Handling of Syntactically Invalid Structure

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References