Denial Of Service (DoS)

org.hibernate.reactive, hibernate-reactive-core is vulnerable to a Denial of Service DoS. The vulnerability is due to improper handling of prematurely closed HTTP connections during database operations, which allows an attacker to exhaust the database connection pool by forcing connection leaks...

Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities

Summary IBM Enterprise Build of Quarkus is affected by Netty CRLF injection vulnerability, SCRAM authentication vulnerability, Hibernate Reactive database connection leak vulnerability and Quarkus REST worker thread exhaustion vulnerability. Vulnerability Details CVEID:CVE-2025-14969 DESCRIPTION:...

Moderate: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.2 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more information...

hibernate-reactive-core: Hibernate Reactive: Denial of Service due to connection leak on HTTP client disconnect

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service DoS by...

ai.pipestream:connector-admin-service (=0.1.18), ai.pipestream:pipestream-engine (=0.0.6) +41 more potentially affected by CVE-2025-14969 via org.hibernate.reactive:hibernate-reactive-core (>=1.0.0.Alpha6 <=4.1.6.Final)

org.hibernate.reactive:hibernate-reactive-core MAVEN version =1.0.0.Alpha6, =0.1.7, =0.0.10, =0.0.1, =1.0.0, =2.0.0, =0.4.3, =0.4.3, =0.0.1, =2.2.0.Alpha2, =3.6.0.Beta1 and more Source cves: CVE-2025-14969 Source advisory: OSV:GHSA-FRPP-8PWQ-HJRX...

Hibernate Reactive Vulnerable to DoS via Connection Pool Exhaustion

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service DoS by...

io.quarkiverse.flags:quarkus-flags-hibernate-reactive (>=1.0.0.Beta7 <=1.0.0.Beta8), io.quarkiverse.flags:quarkus-flags-hibernate-reactive-deployment (>=1.0.0.Beta7 <=1.0.0.Beta8) +13 more potentially affected by CVE-2025-14969 via org.hibernate.reactive:hibernate-reactive-core (=3.2.11.Final)

org.hibernate.reactive:hibernate-reactive-core MAVEN version =3.2.11.Final is affected by a known vulnerability. The following packages have a transitive dependency on org.hibernate.reactive:hibernate-reactive-core and may be impacted: - io.quarkiverse.flags:quarkus-flags-hibernate-reactive...

ai.pipestream:connector-admin-service (=0.1.18), ai.pipestream:pipestream-engine (=0.0.6) +22 more potentially affected by CVE-2025-14969 via org.hibernate.reactive:hibernate-reactive-core (>=3.0.0.Final <=3.1.10.Final)

org.hibernate.reactive:hibernate-reactive-core MAVEN version =3.0.0.Final, =0.1.21, =3.2.2.Final, =3.2.2.Final, =3.2.2.Final, =3.24.0, =3.24.0, =3.24.0, =3.24.0, =3.24.0, =3.24.0, =3.30.8 and more Source cves: CVE-2025-14969 Source advisory: SNYK:JAVA-ORGHIBERNATERE...

GHSA-FRPP-8PWQ-HJRX Hibernate Reactive Vulnerable to DoS via Connection Pool Exhaustion

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service DoS by...

Missing Release of Resource after Effective Lifetime

Overview org.hibernate.reactive:hibernate-reactive-core is a The core module of Hibernate Reactive Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime by leaving transactions open in the connection pool. An attacker can cause resource exhaustio...

CVE-2025-14969

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service DoS by...

CVE-2025-14969

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service DoS by...

CVE-2025-14969

CVE-2025-14969 describes a Denial of Service risk in Hibernate Reactive: when an HTTP endpoint performing DB ops is prematurely closed by a remote client, the DB connection pool can leak connections, exhausting resources. The CVSS 3.1 base score is 4.3 (Medium). IBM’s Quarkus bulletins and Red Ha...

EUVD-2025-206338

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service DoS by...

CVE-2025-14969 Hibernate-reactive-core: hibernate reactive: denial of service due to connection leak on http client disconnect

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service DoS by...

CVE-2025-14969 Hibernate-reactive-core: hibernate reactive: denial of service due to connection leak on http client disconnect

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service DoS by...

Hibernate Reactive security vulnerability

Hibernate Reactive is a reactive API interface provided by the Hibernate company. There is a security vulnerability in Hibernate Reactive, which stems from the ability of remote clients to prematurely close HTTP connections. This could lead to the leakage of database connection pools, potentially...

PT-2026-4807

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service DoS by...