CVE-2025-2529 - Vulnerability Details - OpenCVE

Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from (malicious) external parties in an unfiltered/unsalted way.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	Terracotta

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

IBM strongly recommends addressing the low severity vulnerability now by applying the mentioned fixes or later fixes for the affected versions and following the respective readme document. IBM Terracotta 11.1.0 Fix 6 or later IBM Terracotta 10.15.0 Fix 24 or later Fixes can be downloaded and installed via IBM webMethods Update Manager. Refer to How to Download webMethods Software ( https://www.ibm.com/support/pages/node/7232491 )

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.ibm.com/support/pages/node/7247977

History

Wed, 15 Oct 2025 15:45:00 +0000

Type	Values Removed	Values Added
Description		Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from (malicious) external parties in an unfiltered/unsalted way.
Title		IBM Terracotta denial of service
First Time appeared		Ibm Ibm terracotta
Weaknesses		CWE-228
CPEs		cpe:2.3:a:ibm:terracotta:10.15.0:::::::* cpe:2.3:a:ibm:terracotta:10.15.0:ifix23:::::: cpe:2.3:a:ibm:terracotta:11.1.0:::::::* cpe:2.3:a:ibm:terracotta:11.1.0:ifix5::::::
Vendors & Products		Ibm Ibm terracotta
References		https://www.ibm.com/support/pages/node/7247977
Metrics		cvssV3_1 `{'score': 2.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L'}`

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2025-10-15T15:29:04.780Z

Updated: 2025-10-15T15:29:04.780Z

Reserved: 2025-03-19T15:07:16.690Z

Link: CVE-2025-2529

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-10-15T16:15:34.287

Modified: 2025-10-15T16:15:34.287

Link: CVE-2025-2529

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-2529", "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "state": "PUBLISHED", "assignerShortName": "ibm", "dateReserved": "2025-03-19T15:07:16.690Z", "datePublished": "2025-10-15T15:29:04.780Z", "dateUpdated": "2025-10-15T15:29:04.780Z"}, "containers": {"cna": {"affected": [{"cpes": ["cpe:2.3:a:ibm:terracotta:10.15.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:terracotta:10.15.0:ifix23:*:*:*:*:*:*", "cpe:2.3:a:ibm:terracotta:11.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:ibm:terracotta:11.1.0:ifix5:*:*:*:*:*:*"], "defaultStatus": "unaffected", "product": "Terracotta", "vendor": "IBM", "versions": [{"lessThanOrEqual": "10.15.0 IF23", "status": "affected", "version": "10.15.0", "versionType": "semver"}, {"lessThanOrEqual": "11.1.0 IF5", "status": "affected", "version": "11.1.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from (malicious) external parties in an unfiltered/unsalted way."}], "value": "Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from (malicious) external parties in an unfiltered/unsalted way."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2.9, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-228", "description": "CWE-228 Improper Handling of Syntactically Invalid Structure", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm", "dateUpdated": "2025-10-15T15:29:04.780Z"}, "references": [{"tags": ["vendor-advisory", "patch"], "url": "https://www.ibm.com/support/pages/node/7247977"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>IBM strongly recommends addressing the low severity vulnerability now by applying the mentioned fixes or later fixes for the affected versions and following the respective readme document.</p><p>IBM Terracotta 11.1.0 Fix 6 or later<br>IBM Terracotta 10.15.0 Fix 24 or later</p><p>Fixes can be downloaded and installed via IBM webMethods Update Manager. Refer to How to Download webMethods Software (<a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/pages/node/7232491\">https://www.ibm.com/support/pages/node/7232491</a>)</p>\n\n<br>"}], "value": "IBM strongly recommends addressing the low severity vulnerability now by applying the mentioned fixes or later fixes for the affected versions and following the respective readme document.\n\nIBM Terracotta 11.1.0 Fix 6 or later\nIBM Terracotta 10.15.0 Fix 24 or later\n\nFixes can be downloaded and installed via IBM webMethods Update Manager. Refer to How to Download webMethods Software ( https://www.ibm.com/support/pages/node/7232491 )"}], "source": {"discovery": "UNKNOWN"}, "title": "IBM Terracotta denial of service", "x_generator": {"engine": "Vulnogram 0.2.0"}}}}