18 matches found
ROOT-APP-MAVEN-CVE-2025-67735 CVE-2025-67735 in io.root.io.netty:netty-codec-http - Patched by Root
Root has patched CVE-2025-67735 in the io.root.io.netty:netty-codec-http package for Root:Maven. Multiple fixed versions available...
Security Bulletin: A netty-codec-http-4.1.118.Final.jar vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI
Summary There is a vulnerability in netty-codec-http-4.1.118.Final.jar used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVE Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application...
ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2120 more potentially affected by CVE-2025-67735 +1 more via io.netty:netty-handler-proxy (>=4.2.0.Alpha1 <=4.2.12.Final)
io.netty:netty-handler-proxy MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2025-67735, CVE-2026-42578 Source advisory: SNYK:JAVA-IONETTY-16438935...
ai.agentican:agentican-framework-core (>=0.1.0-alpha.3 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +15781 more potentially affected by CVE-2025-67735 +1 more via io.netty:netty-handler-proxy (>=4.1.0.Beta4 <=4.1.132.Final)
io.netty:netty-handler-proxy MAVEN version =4.1.0.Beta4, =0.1.0-alpha.3, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0-alpha.3, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves:...
Oracle GoldenGate for Big Data Multiple Vulnerabilities 21.x < 21.22.0.0.0 (April 2026 CPU)
According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote host is affected by multiple vulnerabilities: - Vulnerability in the Oracle GoldenGate Big Data and Application Adapters product of Oracle GoldenGate component: Java Delivery Netty...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in netty-codec-http-4.1.125.Final.jar
Summary IBM Watson Discovery Cartridge affected by vulnerability in netty-codec-http-4.1.125.Final.jar Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the...
Security Bulletin: IBM® Db2® is affected by a vulnerability in netty-codec-http-4.1.127 (CVE-2025-67735)
Summary IBM® Db2® is affected by a vulnerability in netty-codec-http-4.1.127 CVE-2025-67735 Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the...
[SECURITY] [DSA 6160-1] netty security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6160-1 [email protected] https://www.debian.org/security/ Markus Koschany March 11, 2026 https://www.debian.org/security/faq -...
Security Bulletin: There is a vulnerability in netty-codec-http-4.1.126.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite ( CVE-2025-67735)
Summary There is a vulnerability in netty-codec-http-4.1.126.Final.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to...
Security Bulletin: Vulnerabilities in netty-codec-4.1.124.Final.jar, netty-codec-http-4.1.108.Final.jar, netty-codec-http2-4.1.124.Final.jar affecting MongoDB Enterprised Advanced (CVE-2025-58056, CVE-2025-58057, CVE-2025-67735)
Summary There are vulnerabilities in netty-codec-4.1.124.Final.jar, netty-codec-http-4.1.108.Final.jar, netty-codec-http2-4.1.124.Final.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-58056, CVE-2025-58057, CVE-2025-67735. The vulnerabilities have been addressed. Vulnerabilit...
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a Request Smuggling Vulnerability in Netty (CVE-2025-67735)
Summary Netty is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of the agent-server and server-server inter-communication services. CVE-2025-67735 Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In version...
openSUSE Security Advisory (SUSE-SU-2025:4489-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 / openSUSE 15 Security Update : netty (SUSE-SU-2025:4489-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4489-1 advisory. Update to upstream version 4.1.130. Security issues fixed: - CVE-2025-67735: lack of URI sanitization in HttpRequestEncoder allows for CRL...
ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0), ai.ancf.lmos-router:lmos-router-hybrid (>=0.2.0 <=0.28.0) +22650 more potentially affected by CVE-2025-67735 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.128.Final)
io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1.0 -...
ai.catboost:catboost-spark_4.1_2.13 (=1.2.10), ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0) +4101 more potentially affected by CVE-2025-67735 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.7.Final)
io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =26.3.2 and more Source cves: CVE-2025-67735 Source advisory: SNYK:JAVA-IONETTY-14423947...
ai.ancf.lmos-router:benchmarks (>=0.2.0 <=0.28.0), ai.ancf.lmos-router:lmos-router-hybrid (>=0.2.0 <=0.28.0) +22650 more potentially affected by CVE-2025-67735 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.128.Final)
io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.2.0, =0.1.1, =0.1.1, =0.1.1, =0.0.4, =0.6.0 - ai.ancf.lmos:lmos-router-hybrid =0.1.0 - ai.ancf.lmos:lmos-router-hybrid-spring-boot-starter =0.1.0 - ai.ancf.lmos:lmos-router-llm =0.1.0 -...
ai.catboost:catboost-spark_4.1_2.13 (=1.2.10), ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0) +4101 more potentially affected by CVE-2025-67735 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.7.Final)
io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =25.9.0, =26.3.2 and more Source cves: CVE-2025-67735 Source advisory: OSV:GHSA-84H7-RJJ3-6JX4...
CVE-2025-67735
creationtimestamp| type| source ---|---|--- 2025-12-15 14:39:48+00:00| published-proof-of-concept| https://github.com/netty/netty/security/advisories/GHSA-84h7-rjj3-6jx4 2025-12-15 17:55:00+00:00| seen| https://mastodon.social/users/chrisvest/statuses/115724864576648010 2026-01-13 15:10:13+00:00|...