{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T02:55:32.431","vulnerabilities":[{"cve":{"id":"CVE-2025-23184","sourceIdentifier":"security@apache.org","published":"2025-01-21T10:15:08.110","lastModified":"2025-12-15T16:15:52.643","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients)."},{"lang":"es","value":"Hay una posible vulnerabilidad de denegación de servicio presente en versiones de Apache CXF anteriores a 3.5.10, 3.6.5 y 4.0.6. En algunos casos extremos, es posible que las instancias de CachedOutputStream no se cierren y, si están respaldadas por archivos temporales, pueden llenar el archivo sistema (se aplica a servidores y clientes)."}],"metrics":{"cvssMetricV31":[{"source":"security@apache.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*","versionEndExcluding":"3.5.10","matchCriteriaId":"4F551B7C-101F-4859-B2CD-C9F76D7C61F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6.0","versionEndExcluding":"3.6.5","matchCriteriaId":"A581BA3B-93A1-4AED-AAF7-041EFC91EFE7"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.0.6","matchCriteriaId":"3533A0DD-FA20-4427-A9A3-3FAFFF37D5BF"}]}]}],"references":[{"url":"https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122","source":"security@apache.org","tags":["Mailing List"]},{"url":"http://www.openwall.com/lists/oss-security/2025/01/20/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List"]},{"url":"https://security.netapp.com/advisory/ntap-20250214-0003/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.vicarius.io/vsociety/posts/cve-2025-23184-detect-apache-cxf-vulnerability","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.vicarius.io/vsociety/posts/cve-2025-23184-mitigate-apache-cxf-vulnerability","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}