CVE-2025-14969
MEDIUM
GHSA-frpp-8pwq-hjrx
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
3Tags
Description
A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service (DoS) by exhausting available database connections.
Analysis
A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. [CVSS 4.3 MEDIUM]
Technical Context
This vulnerability (CWE-772: Missing Release of Resource after Effective Lifetime) was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service (DoS) by exhausting available database connections.
Affected Products
A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking conn
Remediation
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today