Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are vulnerable due to improper permission check vulnerability in Zookeeper (CVE-2025-58457)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway are vulnerable due to improper permission check vulnerability in Zookeeper Vulnerability Details CVEID:CVE-2025-58457 DESCRIPTION: Improper permission check in ZooKeeper AdminServer lets authorized clients to run snapshot and resto...

Security Bulletin: IBM Sterling B2B Integrator and IBM Sterling File Gateway are vulnerable due to improper permission check vulnerability in Zookeeper (CVE-2025-58457)

Summary IBM Sterling B2B Integrator and IBM Sterling File Gateway are vulnerable due to improper permission check vulnerability in Zookeeper Vulnerability Details CVEID:CVE-2025-58457 DESCRIPTION: Improper permission check in ZooKeeper AdminServer lets authorized clients to run snapshot and resto...

Apache ZooKeeper 3.9.x < 3.9.4 Improper Permission Check

The version of Apache ZooKeeper listening on the remote host is 3.9.x prior to 3.9.4. It is, therefore, affected by an improper permission check vulnerability: - Improper permission check in ZooKeeper AdminServer lets authorized clients to run snapshot and restore commands with insufficient...

CVE-2025-58457 vulnerabilities

Vulnerabilities for packages: solr, apache-pulsar, spark, strimzi-kafka-operator, thingsboard, trino, apache-activemq-artemis...

CVE-2025-58457 vulnerabilities

Vulnerabilities for packages: solr, trino, spark, strimzi-kafka-operator, apache-pulsar, spark-fips, apache-activemq-artemis, thingsboard...

CVE-2025-58457

creationtimestamp| type| source ---|---|--- 2025-09-24 13:24:31+00:00| seen| https://seclists.org/oss-sec/2025/q3/193 2026-06-18 19:11:29+00:00| seen| https://gist.github.com/ppkarwasz/f5be1b5c0182fe665252101c5f24d39f...

au.csiro.pathling:encoders (>=7.2.0 <=9.6.0), au.csiro.pathling:fhir-server (=7.2.0) +1169 more potentially affected by CVE-2025-58457 via org.apache.zookeeper:zookeeper (>=3.9.0 <=3.9.3)

org.apache.zookeeper:zookeeper MAVEN version =3.9.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =0.0.1-jdk1.8-RELEASES, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =1.1.1, =2.1.1, =2.2.4 and more Source cves: CVE-2025-58457 Source advisory:...

CVE-2025-58457

CVE-2025-58457 is an issue in ZooKeeper AdminServer where an improper permission check allows an authenticated client with insufficient privileges to run snapshot and restore commands. Affected versions are Apache ZooKeeper 3.9.0 through 3.9.3; the fix is available in 3.9.4.Mitigation steps from ...

CVE-2025-58457

Improper permission check in ZooKeeper AdminServer lets authorized clients to run snapshot and restore command with insufficient permissions. This issue affects Apache ZooKeeper: from 3.9.0 before 3.9.4. Users are recommended to upgrade to version 3.9.4, which fixes the issue. The issue can be...