CVE-2025-5731

A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.

CVSS v3 6.2 MEDIUM

6.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2025:10130
https://access.redhat.com/security/cve/CVE-2025-5731
https://bugzilla.redhat.com/show_bug.cgi?id=2370429

Configurations

No configuration.

History

01 Jul 2025, 20:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2025:10130 -

30 Jun 2025, 18:38

Type	Values Removed	Values Added
Summary		(es) Se detectó una falla en la CLI de Infinispan. Una contraseña confidencial, decodificada a partir de un secreto de Kubernetes codificado en Base64, se procesa en texto plano y se incluye en una cadena de comandos que puede exponer los datos en un mensaje de error cuando no se encuentra un comando.

26 Jun 2025, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-26 22:15

Updated : 2025-07-01 20:15

NVD link : CVE-2025-5731

Mitre link : CVE-2025-5731

CVE.ORG link : CVE-2025-5731

JSON object : View

Products Affected

No product.

CWE

CWE-209

Generation of Error Message Containing Sensitive Information

6.2 /10