Security Bulletin: IBM Event Streams is vulnerable to a denial of service (CVE-2025-2240)

Summary IBM Event Streams is vulnerable to a denial of service due to an out‑of‑memory condition in smallrye-fault-tolerance. Vulnerability Details CVEID:CVE-2025-2240 DESCRIPTION: A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory OOM issue. This...

EUVD-2022-1318

Malicious code in bioql PyPI...

EUVD-2022-6599

Malicious code in bioql PyPI...

EUVD-2025-6307

Malicious code in bioql PyPI...

Security Bulletin: Vulnerabilities in Smallrye affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Smallrye has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-2240 DESCRIPTION: A flaw w...

smallrye-fault-tolerance: SmallRye Fault Tolerance

A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory OOM issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service DoS issue...

smallrye-fault-tolerance: SmallRye Fault Tolerance

A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory OOM issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service DoS issue...

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.15.4 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

smallrye-fault-tolerance: SmallRye Fault Tolerance

A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory OOM issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service DoS issue...

Out-of-Memory (OOM)

io.smallrye, smallrye-fault-tolerance-core is vulnerable to an out-of-memory OOM. The vulnerability is due to uncontrolled object creation in meterMap when calling the metrics URI, allowing an attacker to trigger excessive memory consumption and cause a denial of service DoS condition...

com.abavilla:fpi-bot-api (>=1.6.0 <=1.8.5), com.abavilla:fpi-bot-api-parent (>=1.6.0 <=1.8.5) +192 more potentially affected by CVE-2025-2240 via io.smallrye:smallrye-fault-tolerance-core (>=6.0.0-RC1 <=6.8.0)

io.smallrye:smallrye-fault-tolerance-core MAVEN version =6.0.0-RC1, =1.6.0, =1.6.0, =1.8.0, =1.8.0, =1.6.0, =1.6.0, =1.8.0, =1.8.0, =1.0.25, =1.0.25, =1.5.0, =1.5.0, =1.3.1, =1.3.1, =1.3.4, =1.3.13 and more Source cves: CVE-2025-2240 Source advisory: SNYK:JAVA-IOSMALLRYE-9460816...

com.qwlabs.doraemon:task-queue (>=0.3.0 <=0.3.37), io.apicurio:apicurio-registry-app (>=3.0.4 <=3.0.6) +93 more potentially affected by CVE-2025-2240 via io.smallrye:smallrye-fault-tolerance-core (>=6.3.0 <=6.4.1)

io.smallrye:smallrye-fault-tolerance-core MAVEN version =6.3.0, =0.3.0, =3.0.4, =3.0.4, =3.0.4, =3.0.4, =0.34.0, =4.0.2, =4.0.2, =4.0.2, =3.10.0, =3.10.0, =6.3.0, =6.3.0, =6.3.0, =6.3.0, =6.4.1 and more Source cves: CVE-2025-2240 Source advisory:...

SmallRye Fault Tolerance out-of-memory (OOM) issue

A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory OOM issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service DoS issue...

GHSA-GFH6-3PQW-X2J4 SmallRye Fault Tolerance out-of-memory (OOM) issue

A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory OOM issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service DoS issue...

com.qwlabs.doraemon:task-queue (>=0.3.38 <=0.3.54), hu.icellmobilsoft.reactive.messaging.redisstream:quarkus-reactive-messaging-redisstream-extension-sample (>=1.0.4 <=1.3.0) +34 more potentially affected by CVE-2025-2240 via io.smallrye:smallrye-fault-tolerance-core (>=6.5.0 <=6.8.0)

io.smallrye:smallrye-fault-tolerance-core MAVEN version =6.5.0, =0.3.38, =1.0.4, =0.38.0, =3.16.0, =3.20.0.CR1 and more Source cves: CVE-2025-2240 Source advisory: OSV:GHSA-GFH6-3PQW-X2J4https://...

CVE-2025-2240

A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory OOM issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service DoS issue...

CVE-2025-2240 Smallrye-fault-tolerance: smallrye fault tolerance

A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory OOM issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service DoS issue...

CVE-2025-2240

CVE-2025-2240 is a Smallrye fault-tolerance OOM/DoS issue triggered by the metrics endpoint: each call allocates a new object in meterMap, potentially exhausting memory and causing DoS. Connected advisories confirm a fix is available in updated SmallRye Fault Tolerance core; remediation is to upg...

CVE-2025-2240 Smallrye-fault-tolerance: smallrye fault tolerance

A flaw was found in Smallrye, where smallrye-fault-tolerance is vulnerable to an out-of-memory OOM issue. This vulnerability is externally triggered when calling the metrics URI. Every call creates a new object within meterMap and may lead to a denial of service DoS issue...

Smallrye 安全漏洞

SmallRye is an open source implementation of MicroProfile Microservices Architecture Optimization Protocol by the Smallrye team. A security vulnerability exists in Smallrye that stems from an out-of-memory issue that can lead to a denial of service when calling metrics URIs...