Moderate severity · NVD Advisory · Published Jun 26, 2025 · Updated Jan 8, 2026
Infinispan: credential leakage in infinispan cli
CVE-2025-5731
Description
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.infinispan:infinispan-cli-client (Maven) | <= 16.0.0.Dev01 | — |
Affected products
- Red Hat/Red Hat Data Grid 8.5.4 (v5), cpe:/a:redhat:jboss_data_grid:8
- cpe:/a:redhat:jbosseapxp
- cpe:/a:redhat:jboss_enterprise_application_platform:7
- cpe:/a:redhat:jboss_enterprise_application_platform:8
- osv-coords, 5 versions (no CPE):
  - pkg:apk/chainguard/infinispan-16.0, range: < 16.0.5-r0
  - pkg:apk/chainguard/infinispan-16.1, range: < 16.1.0-r0
  - pkg:apk/wolfi/infinispan-16.0, range: < 16.0.5-r0
  - pkg:apk/wolfi/infinispan-16.1, range: < 16.1.0-r0
  - pkg:maven/org.infinispan/infinispan-cli-client, range: <= 16.0.0.Dev01
- Red Hat/infinispan (v5), range: 0
References
- access.redhat.com/errata/RHSA-2025:10130 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- github.com/advisories/GHSA-cqm8-rg2p-jfcf (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-5731 (ghsa, ADVISORY)
- access.redhat.com/security/cve/CVE-2025-5731 (ghsa, vdb-entry, x_refsource_REDHAT, WEB)
- bugzilla.redhat.com/show_bug.cgi (ghsa, issue-tracking, x_refsource_REDHAT, WEB)