CVE-2025-5731 | THREATINT

Description

A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.

PUBLISHED Reserved 2025-06-05 | Published 2025-06-26 | Updated 2026-01-08 | Assigner redhat

MEDIUM: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Problem types

Generation of Error Message Containing Sensitive Information

Product status

Default status

unaffected

Any version before 15.2.5

affected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Timeline

2025-06-05:	Reported to Red Hat.
2025-06-26:	Made public.

References

access.redhat.com/errata/RHSA-2025:10130 (RHSA-2025:10130) vendor-advisory

access.redhat.com/security/cve/CVE-2025-5731 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2370429 (RHBZ#2370429) issue-tracking

cve.org (CVE-2025-5731)

nvd.nist.gov (CVE-2025-5731)

Download JSON