
CVE-2025-0736: Org.infinispan-infinispan-parent: exposure of sensitive information in application logs

Description

A flaw was found in Infinispan when using JGroups with JDBC_PING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unauthorized access and exploitation by malicious actors.

Classification

CVE ID: CVE-2025-0736

Affected Products

Vendor: Red Hat

Product: Red Hat Data Grid 8

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.77% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-27 (date this score was calculated)

References

https://access.redhat.com/security/cve/CVE-2025-0736
https://bugzilla.redhat.com/show_bug.cgi?id=2342233
