Security Bulletin: Vulnerabilities in Smallrye affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Smallrye has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-2240 DESCRIPTION: A flaw w...

CVE-2025-2240

CVE-2025-2240 is a Smallrye fault-tolerance OOM/DoS issue triggered by the metrics endpoint: each call allocates a new object in meterMap, potentially exhausting memory and causing DoS. Connected advisories confirm a fix is available in updated SmallRye Fault Tolerance core; remediation is to upg...

SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader

A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data...