CVE-2025-5731

MEDIUM 5.5

Infinispan: credential leakage in infinispan cli

CVSS Score

5.5

EPSS Score

0.0%

EPSS Percentile

0th

A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.

CWE	CWE-209
Vendor	red hat
Product	infinispan
Published	Jun 26, 2025
Last Updated	Jan 8, 2026

Stay Ahead of the Next One

Get instant alerts for red hat infinispan

Be the first to know when new medium vulnerabilities affecting red hat infinispan are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

Red Hat / infinispan

0 < 15.2.5

Red Hat / Red Hat Data Grid 8.5.4

All versions affected

Red Hat / Red Hat JBoss Enterprise Application Platform 7

All versions affected

Red Hat / Red Hat JBoss Enterprise Application Platform 8

All versions affected

Red Hat / Red Hat JBoss Enterprise Application Platform Expansion Pack

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

access.redhat.com: https://access.redhat.com/errata/RHSA-2025:10130 access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-5731 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2370429