CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-5731: Infinispan: credential leakage in infinispan cli

Description

A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.

Classification

CVE ID: CVE-2025-5731

Problem Types

Generation of Error Message Containing Sensitive Information

Affected Products

Vendor: Red Hat

Product: Red Hat Data Grid 8, Red Hat JBoss Enterprise Application Platform 7, Red Hat JBoss Enterprise Application Platform 8, Red Hat JBoss Enterprise Application Platform Expansion Pack

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 1.83% (scored less or equal to compared to others)

EPSS Date: 2025-07-15 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-5731
https://access.redhat.com/security/cve/CVE-2025-5731
https://bugzilla.redhat.com/show_bug.cgi?id=2370429

Timeline