High severity 7.5 · GHSA Advisory · Published Mar 12, 2025 · Updated Apr 15, 2026
CVE-2025-2240
Description
A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory (OOM) issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service (DoS) issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| io.smallrye:smallrye-fault-tolerance-core (Maven) | >= 6.3.0, < 6.4.2 | 6.4.2 |
| io.smallrye:smallrye-fault-tolerance-core (Maven) | >= 6.5.0, < 6.9.0 | 6.9.0 |
Affected products (18)
- Range: >= 6.5.0, < 6.9.0
- osv-coords, 17 versions (no CPE for any entry):

| Package | Range |
|---|---|
| pkg:apk/chainguard/apicurio-registry | < 3.0.6-r2 |
| pkg:apk/chainguard/apicurio-registry-nginx-config | < 3.0.6-r2 |
| pkg:apk/chainguard/apicurio-registry-ui | < 3.0.6-r2 |
| pkg:apk/chainguard/wildfly | < 35.0.1-r14 |
| pkg:apk/chainguard/wildfly-openjdk-17 | < 35.0.1-r14 |
| pkg:apk/chainguard/wildfly-openjdk-17-compat | < 35.0.1-r14 |
| pkg:apk/chainguard/wildfly-openjdk-21 | < 35.0.1-r14 |
| pkg:apk/chainguard/wildfly-openjdk-21-compat | < 35.0.1-r14 |
| pkg:apk/wolfi/apicurio-registry | < 3.0.6-r2 |
| pkg:apk/wolfi/apicurio-registry-nginx-config | < 3.0.6-r2 |
| pkg:apk/wolfi/apicurio-registry-ui | < 3.0.6-r2 |
| pkg:apk/wolfi/wildfly | < 35.0.1-r14 |
| pkg:apk/wolfi/wildfly-openjdk-17 | < 35.0.1-r14 |
| pkg:apk/wolfi/wildfly-openjdk-17-compat | < 35.0.1-r14 |
| pkg:apk/wolfi/wildfly-openjdk-21 | < 35.0.1-r14 |
| pkg:apk/wolfi/wildfly-openjdk-21-compat | < 35.0.1-r14 |
| pkg:maven/io.smallrye/smallrye-fault-tolerance-core | >= 6.3.0, < 6.4.2 |
References (11)
- github.com/advisories/GHSA-gfh6-3pqw-x2j4 (nvd, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-2240 (ghsa, ADVISORY)
- access.redhat.com/errata/RHSA-2025:3376 (nvd, WEB)
- access.redhat.com/errata/RHSA-2025:3541 (nvd, WEB)
- access.redhat.com/errata/RHSA-2025:3543 (nvd, WEB)
- access.redhat.com/security/cve/CVE-2025-2240 (nvd, WEB)
- bugzilla.redhat.com/show_bug.cgi (nvd, WEB)
- github.com/smallrye/smallrye-fault-tolerance/commit/e8bcad3d5e8bbac0a3219bd5c13661adf6ed6bbb (ghsa, WEB)
- github.com/smallrye/smallrye-fault-tolerance/pull/985 (ghsa, WEB)
- github.com/smallrye/smallrye-fault-tolerance/pull/985/files (ghsa, WEB)
- smallrye.io/blog/fault-tolerance-6-9-0 (ghsa, WEB)