What is the severity of CVE-2025-0736?

CVE-2025-0736 has been classified as a medium severity vulnerability due to the risk of exposing sensitive information.

How do I fix CVE-2025-0736?

To fix CVE-2025-0736, update your Infinispan to a version higher than 15.1.4.Final or ensure sensitive information is not logged.

What software is affected by CVE-2025-0736?

CVE-2025-0736 affects Infinispan versions up to and including 15.1.4.Final when using JDBC_PING with JGroups.

What are the risks associated with CVE-2025-0736?

The risks associated with CVE-2025-0736 include unauthorized access and exploitation of sensitive information.

Vulnerability/
CVE-2025-0736

medium

5.5

CWE

532

27/1/2025

28/1/2025

12/3/2025

CVE-2025-0736: Org.infinispan-infinispan-parent: exposure of sensitive information in application logs

Q: What kind of information can be exposed in CVE-2025-0736?

CVE-2025-0736 can inadvertently expose sensitive information such as configuration details or credentials through logging.

First published: Mon Jan 27 2025(Updated: )

A flaw was found in Infinispan, when using JGroups with JDBC_PING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unauthorized access and exploitation by malicious actors.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
maven/org.infinispan:infinispan-parent	<=15.1.4.Final
Infinispan

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2025-0736?
CVE-2025-0736 has been classified as a medium severity vulnerability due to the risk of exposing sensitive information.
How do I fix CVE-2025-0736?
To fix CVE-2025-0736, update your Infinispan to a version higher than 15.1.4.Final or ensure sensitive information is not logged.
What software is affected by CVE-2025-0736?
CVE-2025-0736 affects Infinispan versions up to and including 15.1.4.Final when using JDBC_PING with JGroups.
What kind of information can be exposed in CVE-2025-0736?
CVE-2025-0736 can inadvertently expose sensitive information such as configuration details or credentials through logging.
What are the risks associated with CVE-2025-0736?
The risks associated with CVE-2025-0736 include unauthorized access and exploitation of sensitive information.

agent/title
agent/weakness
agent/type
agent/first-publish-date
agent/description
collector/nvd-api
source/NVD
agent/severity
collector/github-advisory-latest
source/GitHub
alias/GHSA-269m-c36j-r834
alias/CVE-2025-0736
agent/software-canonical-lookup
agent/references
agent/source
agent/last-modified-date
agent/event
collector/nvd-cve
agent/author
collector/mitre-cve
source/MITRE
collector/github-advisory
agent/guess-ai
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/redhat-bugzilla
source/Red Hat
package-manager/maven
vendor/infinispan
canonical/infinispan

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.