CVE-2025-14969 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-14969 PUBLISHED CVSS 4.300000190734863 MEDIUM

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service (DoS) by exhausting available database connections.

EPSS 0.02% · 3.3th percentile

Risk Scores

CVSS v3.1

4.300000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

EPSS Score

0.02%

3.3th percentile

Affected Products

Vendor	Product	Versions
Red Hat	Red Hat JBoss Enterprise Application Platform 8
Red Hat	Red Hat OpenShift Dev Spaces
Red Hat	Red Hat build of Quarkus 3.27.2
Red Hat	Red Hat JBoss Enterprise Application Platform Expansion Pack
Red Hat	Red Hat JBoss Enterprise Application Platform 8
Red Hat	Red Hat JBoss Enterprise Application Platform Expansion Pack
Red Hat	Red Hat OpenShift Dev Spaces
Maven	org.hibernate.reactive:hibernate-reactive-core	0

Timeline

Jan 22, 2026 Nuclei Template
Jan 22, 2026 Fix Commit
Jan 26, 2026 CVE Published
Jan 26, 2026 PoC Published
Jan 27, 2026 EPSS Score
Jan 29, 2026 EPSS Score
Jan 31, 2026 EPSS Score
Feb 2, 2026 EPSS Score
Feb 4, 2026 EPSS Score
Feb 5, 2026 CVE Updated
Feb 6, 2026 EPSS Score
Feb 8, 2026 EPSS Score

References

RHSA-2026:1965 vendor-advisory
https://access.redhat.com/security/cve/CVE-2025-14969 vdb
RHBZ#2423822 issue
https://nvd.nist.gov/vuln/detail/CVE-2025-14969 advisory
https://github.com/hibernate/hibernate-reactive/commit/cd7f104e10de918004707ca0e26e3840976f780a url
https://github.com/hibernate/hibernate-reactive package

Open in Interactive Console →