Medium severity4.3NVD Advisory· Published Jan 26, 2026· Updated Apr 15, 2026
CVE-2025-14969
CVE-2025-14969
Description
A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service (DoS) by exhausting available database connections.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.hibernate.reactive:hibernate-reactive-coreMaven | < 4.2.1 | 4.2.1 |
Affected products
1Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-frpp-8pwq-hjrxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-14969ghsaADVISORY
- access.redhat.com/errata/RHSA-2026:1965nvdWEB
- access.redhat.com/security/cve/CVE-2025-14969nvdWEB
- bugzilla.redhat.com/show_bug.cginvdWEB
- github.com/hibernate/hibernate-reactive/commit/cd7f104e10de918004707ca0e26e3840976f780aghsaWEB
News mentions
0No linked articles in our index yet.