SB2025070345 - Multiple vulnerabilities in AMQ Streams

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025070345

SB2025070345 - Multiple vulnerabilities in AMQ Streams

Published: July 3, 2025 Updated: August 29, 2025

Security Bulletin ID SB2025070345
Severity
High
Patch available
YES
Number of vulnerabilities 11
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

High 9% Medium 73% Low 18%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 11 secuirty vulnerabilities.


1) Uncontrolled Recursion (CVE-ID: CVE-2023-1370)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to uncontrolled recursion when processing nested arrays and objects. A remote attacker can pass specially crafted JSON data to the application and perform a denial of service (DoS) attack.


2) Input validation error (CVE-ID: CVE-2025-24970)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in SslHandler when using native SSLEngine. A remote attacker can send a specially crafted packet to the application and perform a denial of service (DoS) attack.


3) Resource exhaustion (CVE-ID: CVE-2025-25193)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to application attempts to load a file that does not exist. A local user can create a large file on the system and crash the application.

Note, the vulnerability affects Windows installations only.


4) Improper authentication (CVE-ID: CVE-2024-56128)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in Salted Challenge Response Authentication Mechanism (SCRAM) implementation. The application does not verify that the nonce sent by the client in the second message matches the nonce sent by the server in its first message. A remote attacker with access to plain text SCRAM authentication exchange can bypass forge the second once and gain unauthorized access to the application.


5) Improper resource shutdown or release (CVE-ID: CVE-2024-13009)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error in GzipHandler when handling certain URL paths. A remote attacker can send a specially crafted HTTP request to the affected server and force it to reveal a part of the request body in a separate request.


6) Information disclosure (CVE-ID: CVE-2024-31141)

The vulnerability allows a remote user to escalate privileges within the application.

The vulnerability exists due to the way Apache Kafka Clients handles custom configurations. A remote user with access to REST API can read arbitrary files and variables on the system and escalate their privileges filesystem/environment access.


7) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2024-6763)

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input in HttpURI. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.


8) Resource management error (CVE-ID: CVE-2024-47535)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an unsafe reading of an environment file on Windows. A local user can create an overly large file and perform a denial of service (DoS) attack.


9) Improper access control (CVE-ID: CVE-2025-48734)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions to enum properties. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum’s class loader via the “declaredClass” property available on all Java “enum” objects. Accessing the enum’s “declaredClass” allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty().


10) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2025-27817)

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input in Apache Kafka Client. The application accepts configuration data for setting the SASL/OAUTHBEARER connection with the brokers, including "sasl.oauthbearer.token.endpoint.url" and "sasl.oauthbearer.jwks.endpoint.url". A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.


11) Resource exhaustion (CVE-ID: CVE-2025-1634)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists in in the quarkus-resteasy extension due to application does not properly control consumption of internal resources when client requests with low timeouts are made. A remote user can trigger resource exhaustion and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References