Medium severity5.5NVD Advisory· Published Jan 28, 2025· Updated Apr 15, 2026

CVE-2025-0736

Description

A flaw was found in Infinispan, when using JGroups with JDBC_PING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unauthorized access and exploitation by malicious actors.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.infinispan:infinispan-parentMaven	<= 15.1.4.Final	—

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-269m-c36j-r834ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2025-0736ghsaADVISORY
access.redhat.com/errata/RHSA-2025:2663nvdWEB
access.redhat.com/security/cve/CVE-2025-0736nvdWEB
bugzilla.redhat.com/show_bug.cginvdWEB

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000