Medium severity 6.1 · GHSA Advisory · Published Jul 16, 2025 · Updated Apr 15, 2026
CVE-2025-22227
Description
In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| io.projectreactor.netty:reactor-netty-http (Maven) | >= 1.3.0-M1, < 1.3.0-M5 | 1.3.0-M5 |
| io.projectreactor.netty:reactor-netty-http (Maven) | < 1.2.8 | 1.2.8 |
Affected products