ai.pipestream:connector-admin-service (=0.1.18), ai.pipestream:pipestream-engine (=0.0.6) +41 more potentially affected by CVE-2025-14969 via org.hibernate.reactive:hibernate-reactive-core (>=1.0.0.Alpha6 <=4.1.6.Final)

org.hibernate.reactive:hibernate-reactive-core MAVEN version =1.0.0.Alpha6, =0.1.7, =0.0.10, =0.0.1, =1.0.0, =2.0.0, =0.4.3, =0.4.3, =0.0.1, =2.2.0.Alpha2, =3.6.0.Beta1 and more Source cves: CVE-2025-14969 Source advisory: OSV:GHSA-FRPP-8PWQ-HJRX...

io.quarkiverse.flags:quarkus-flags-hibernate-reactive (>=1.0.0.Beta7 <=1.0.0.Beta8), io.quarkiverse.flags:quarkus-flags-hibernate-reactive-deployment (>=1.0.0.Beta7 <=1.0.0.Beta8) +13 more potentially affected by CVE-2025-14969 via org.hibernate.reactive:hibernate-reactive-core (=3.2.11.Final)

org.hibernate.reactive:hibernate-reactive-core MAVEN version =3.2.11.Final is affected by a known vulnerability. The following packages have a transitive dependency on org.hibernate.reactive:hibernate-reactive-core and may be impacted: - io.quarkiverse.flags:quarkus-flags-hibernate-reactive...

CVE-2025-14969

CVE-2025-14969 describes a Denial of Service risk in Hibernate Reactive: when an HTTP endpoint performing DB ops is prematurely closed by a remote client, the DB connection pool can leak connections, exhausting resources. The CVSS 3.1 base score is 4.3 (Medium). IBM’s Quarkus bulletins and Red Ha...