{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-22227", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2025-01-02T04:29:59.191Z", "datePublished": "2025-07-16T09:31:15.293Z", "dateUpdated": "2025-07-16T14:39:58.789Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "Reactor Netty", "product": "Reactor Netty", "vendor": "VMware", "versions": [{"lessThan": "1.0.49 (Reactor BOM 2020.0.48)", "status": "affected", "version": "1.0.x", "versionType": "commercial"}, {"lessThan": "1.1.32 (Reactor BOM 2022.0.27 and 2023.0.20)", "status": "affected", "version": "1.1.x", "versionType": "commercial"}, {"lessThan": "1.2.8 (Reactor BOM 2024.0.8)", "status": "affected", "version": "1.2.x", "versionType": "OSS"}, {"lessThan": "1.3.0-M5 (Reactor BOM 2025.0.0-M5)", "status": "affected", "version": "1.3.x", "versionType": "OSS"}]}], "datePublic": "2025-07-16T09:26:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.</p><br>"}], "value": "In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2025-07-16T09:31:15.293Z"}, "references": [{"url": "https://spring.io/security/cve-2025-22227"}], "source": {"discovery": "UNKNOWN"}, "title": "CVE-2025-22227: Authentication Leak On Redirect With Reactor Netty HTTP Client", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-16T14:29:51.229735Z", "id": "CVE-2025-22227", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-16T14:39:58.789Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects."}], "id": "CVE-2025-22227", "lastModified": "2025-07-16T15:15:25.057", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2025-07-16T10:15:27.787", "references": [{"source": "security@vmware.com", "url": "https://spring.io/security/cve-2025-22227"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "io.projectreactor.netty/reactor-netty: Reactor Netty Credential Leak via Redirects", "id": "2380447", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380447"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-601", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-22227", "package_state": [{"cpe": "cpe:/a:redhat:camel_spring_boot:4", "fix_state": "Fix deferred", "package_name": "reactor-netty", "product_name": "Red Hat build of Apache Camel for Spring Boot 4"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Fix deferred", "package_name": "reactor-netty", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Fix deferred", "package_name": "reactor-netty", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Fix deferred", "package_name": "reactor-netty", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Fix deferred", "package_name": "reactor-netty", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}], "public_date": "2025-07-16T09:31:15Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-22227\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-22227\nhttps://spring.io/security/cve-2025-22227"], "statement": "This vulnerability is rated as Moderate because it requires a specific, non-default configuration to be exploitable. While it involves the leakage of credentials, the impact is lessened by the prerequisite that the Reactor Netty HTTP client must be explicitly configured to follow redirects. This requirement reduces the likelihood of widespread, automatic exploitation.", "threat_severity": "Moderate"}