CVE-2025-0736

MEDIUM

Infinispan - Info Disclosure

Title source: llm

Description

A flaw was found in Infinispan, when using JGroups with JDBC_PING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unauthorized access and exploitation by malicious actors.

References (3)

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2025:2663

[Vendor Advisory] https://access.redhat.com/security/cve/CVE-2025-0736

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=2342233

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 4.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-532

Status published

Products (2)

org.infinispan/infinispan-parent 0Maven

Red Hat/Red Hat Data Grid

Published Jan 28, 2025

Tracked Since Feb 18, 2026