{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T00:14:04.421","vulnerabilities":[{"cve":{"id":"CVE-2025-46548","sourceIdentifier":"security@apache.org","published":"2025-06-03T15:15:59.110","lastModified":"2025-07-02T14:19:10.130","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied.\n\n\nUsers that rely on authentication instead of making sure the Management API ports are only available to trusted users are recommended to upgrade to version 1.1.1, which fixes this issue.\n\n\n\n\nAkka was affected by the same issue and has released the fix in version 1.6.1."},{"lang":"es","value":"Si habilita la autenticación básica en Pekko Management mediante el DSL de Java, es posible que el autenticador no se aplique correctamente. Se recomienda a los usuarios que dependen de la autenticación en lugar de asegurarse de que los puertos de la API de administración solo estén disponibles para usuarios de confianza que actualicen a la versión 1.1.1, que soluciona este problema."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:pekko_management:*:*:*:*:*:*:*:*","versionStartIncluding":"1.0.0","versionEndIncluding":"1.1.1","matchCriteriaId":"100D0B74-D9C2-4DC2-B14E-25416E0A7B7B"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:akka:akka_management:*:*:*:*:*:*:*:*","versionEndExcluding":"1.6.1","matchCriteriaId":"216EF615-CEA6-4CF7-8BE2-E215442B8935"}]}]}],"references":[{"url":"https://github.com/akka/akka-management/pull/1385","source":"security@apache.org","tags":["Exploit","Issue Tracking"]},{"url":"https://github.com/apache/pekko-management/pull/418","source":"security@apache.org","tags":["Issue Tracking","Patch"]},{"url":"https://lists.apache.org/thread/tnd84hj9w0ggjcft6cp12q67d5jzhp66","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2025/06/03/7","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}