CVE-2025-0736 — Infinispan vulnerable to Insertion of Sensitive Information into Log File

描述

A flaw was found in Infinispan, when using JGroups with JDBC_PING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unauthorized access and exploitation by malicious actors.

如何修補 CVE-2025-0736

目前尚未發布修補版本。可考慮移除受影響套件,或參考下方連結中的上游建議。

—未列出修補版本

CVE-2025-0736 正在被利用嗎?

低 — EPSS 為 0.0%,目前沒有觀察到大規模利用活動。

受影響套件(1)

from 0, <= 15.1.4.Final

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.5	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

參考連結(5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2025-0736
PATCHgithub.com/infinispan/infinispan
WEBaccess.redhat.com/errata/RHSA-2025:2663
WEBaccess.redhat.com/security/cve/CVE-2025-0736
WEBbugzilla.redhat.com