CNNVD-202507-2117 Information

Jul 16, 2025 cve

CNNVD ID

CNNVD-202507-2117

CVE-2025-22227

CNNVD Published: 2025-07-16

Description (Chinese)

Reactor Netty是基于 Netty 框架的非阻塞和背压就绪的 TCP/HTTP/UDP/QUIC 客户端和服务器。 Reactor Netty存在安全漏洞，该漏洞源于在链式重定向的某些特定场景中，Reactor Netty HTTP客户端会泄露凭证。

Description (English)

Reactor Netty is an unblocked and back-pressed TCP/HTTP/UDP/QUIC client and server based on Netty framework. Reactor Netty had a security loophole, which originated in certain particular scenarios in a chain re-direction, where the certificate was leaked by Reactor Netty HTTP client.

Hazard Level

High

Vulnerability Type

其他

Published

2025-07-16

Last Modified

2026-02-24

References

https://spring.io/security/cve-2025-22227

Patch

https://spring.io/security/cve-2025-22227

Share on: