5.5

CVE-2025-5731

Infinispan: credential leakage in infinispan cli

A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.14% 0.034
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://access.redhat.com/security/cve/CVE-2025-5731
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2370429
Third Party Advisory
Issue Tracking
https://access.redhat.com/errata/RHSA-2025:10130
Third Party Advisory