CVE-2025-5731

Summary

A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.

Affected Software

VendorProductVersion RangeStatus
Red Hatinfinispan0 < 15.2.5affected

Weaknesses

  • CWE-209: Generation of Error Message Containing Sensitive Information

Workarounds

Currently, no mitigation is available for this vulnerability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References