CVE-2025-5731

🗓️ 26 Jun 2025 21:28:59Reported by redhatType

Credential leakage in Infinispan CLI exposes sensitive password in error messages.

Reporter	Title	Published	Views	Family All 18
Chainguard	CVE-2025-5731 vulnerabilities	2 Feb 202613:17	–	cgr
Circl	CVE-2025-5731	22 Jul 202516:32	–	circl
CNNVD	Infinispan CLI 安全漏洞	26 Jun 202500:00	–	cnnvd
Cvelist	CVE-2025-5731 Infinispan: credential leakage in infinispan cli	26 Jun 202521:28	–	cvelist
EUVD	EUVD-2025-19671	3 Oct 202520:07	–	euvd
Github Security Blog	Infinispan CLI vulnerable to Generation of Error Message Containing Sensitive Information	27 Jun 202500:31	–	github
NVD	CVE-2025-5731	26 Jun 202522:15	–	nvd
OSV	CGA-V7VX-FHPG-93R7	29 Jan 202600:48	–	osv
OSV	CVE-2025-5731	26 Jun 202522:15	–	osv
OSV	GHSA-CQM8-RG2P-JFCF Infinispan CLI vulnerable to Generation of Error Message Containing Sensitive Information	27 Jun 202500:31	–	osv

NVD

Vulners

Node

redhat data_gridMatch8.5.4

redhat jboss_enterprise_application_platformMatch7.0.0

redhat jboss_enterprise_application_platformMatch8.0.0

redhat jboss_enterprise_application_platform_expansion_packMatch-

Node

infinispan infinispanMatch-

[
  {
    "vendor": "Red Hat",
    "product": "infinispan",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "15.2.5",
        "versionType": "semver"
      }
    ],
    "packageName": "infinispan",
    "collectionURL": "https://github.com/infinispan/infinispan",
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Data Grid 8.5.4",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected",
    "packageName": "infinispan-cli-client",
    "cpes": [
      "cpe:/a:redhat:jboss_data_grid:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat JBoss Enterprise Application Platform 7",
    "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
    "packageName": "infinispan-cli-client",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:jboss_enterprise_application_platform:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat JBoss Enterprise Application Platform 8",
    "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
    "packageName": "infinispan-cli-client",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:jboss_enterprise_application_platform:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
    "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
    "packageName": "infinispan-cli-client",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/a:redhat:jbosseapxp"
    ]
  }
]

Source	Link
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
access	www.access.redhat.com/errata/RHSA-2025:10130
access	www.access.redhat.com/security/cve/CVE-2025-5731

08 Jan 2026 04:15Current

7High risk

Vulners AI Score7

CVSS 3.15.5

EPSS0.00081

SSVC

CWE-209