THREATINT
PUBLISHED

CVE-2025-46548

Apache Pekko Management: management API basic authentication is not effective



Description

If you enable Basic Authentication in Pekko Management using the Java DSL, the authenticator may not be properly applied. Users who rely on authentication, rather than making sure the Management API ports are only available to trusted users, are recommended to upgrade to version 1.1.1, which fixes this issue.

Reserved 2025-04-24 | Published 2025-06-03 | Updated 2025-06-04 | Assigner apache

Problem types

CWE-287 Improper Authentication

Product status

Default status: unaffected

1.0.0 before 1.1.1: affected

Credits

Per-Ivar Bakke of GE Vernova (finder)

References

github.com/apache/pekko-management/pull/418 (patch)

github.com/akka/akka-management/pull/1385 (related)

lists.apache.org/thread/tnd84hj9w0ggjcft6cp12q67d5jzhp66 (vendor-advisory)

cve.org (CVE-2025-46548)

nvd.nist.gov (CVE-2025-46548)
