CVE-2025-0736: Infinispan vulnerable to Insertion of Sensitive Information into Log File

January 28, 2025 (updated March 12, 2025)

A flaw was found in Infinispan, when using JGroups with JDBC_PING. This issue occurs when an application inadvertently exposes sensitive information, such as configuration details or credentials, through logging mechanisms. This exposure can lead to unauthorized access and exploitation by malicious actors.

References

access.redhat.com/errata/RHSA-2025:2663
access.redhat.com/security/cve/CVE-2025-0736
bugzilla.redhat.com/show_bug.cgi?id=2342233
github.com/advisories/GHSA-269m-c36j-r834
github.com/infinispan/infinispan
nvd.nist.gov/vuln/detail/CVE-2025-0736

Code Behaviors & Features

Detect and mitigate CVE-2025-0736 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →