Vulnerability Details : CVE-2025-2240
A flaw was found in SmallRye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) condition. The issue is externally triggerable by calling the metrics URI: every call creates a new object within meterMap, which is never reclaimed, so repeated calls grow memory without bound and may lead to a denial of service (DoS).
Vulnerability category: Denial of service
Products affected by CVE-2025-2240
Exploit prediction scoring system (EPSS) score for CVE-2025-2240
- EPSS score: 0.21% (probability of exploitation activity in the next 30 days)
- Percentile: ~44% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2025-2240
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | Red Hat, Inc. | 2025-03-12 |
| 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | N/A | N/A | RedHat-CVE-2025-2240 | 2025-03-12 |
CWE ids for CVE-2025-2240
- The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memory that is consumed by all of the combined objects. (Assigned by: secalert@redhat.com, Secondary)
References for CVE-2025-2240
- https://access.redhat.com/errata/RHSA-2025:3543
- https://access.redhat.com/errata/RHSA-2025:3541
- https://github.com/advisories/GHSA-gfh6-3pqw-x2j4 (SmallRye Fault Tolerance out-of-memory (OOM) issue · CVE-2025-2240 · GitHub Advisory Database)
- https://access.redhat.com/security/cve/CVE-2025-2240 (CVE-2025-2240 - Red Hat Customer Portal)
- https://bugzilla.redhat.com/show_bug.cgi?id=2351452 (Bug 2351452 – CVE-2025-2240 smallrye-fault-tolerance: SmallRye Fault Tolerance)
- https://access.redhat.com/errata/RHSA-2025:3376