CVE-2025-22227

CVE-2025-22227

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.

Published Jul 17, 2025

https://github.com/advisories/GHSA-4q2v-9p7v-3v22

CVSS ScoreMedium

5.9

Vulnerabilities

CVE-2025-22227

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.

Published Jul 17, 2025

https://github.com/advisories/GHSA-4q2v-9p7v-3v22

CVSS ScoreMedium

5.9

CVE-2025-22227 Security Details

CVE ID: CVE-2025-22227
CWE: CWE-200
CVE Description: In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.
Published: Jul 17, 2025
CVSS Score & Severity: 5.9Medium
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS Score: 0.110%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Vulnerable Methods: reactor/netty/http/client/Http2StreamBridgeClientHandler.handlerAdded(Lio/netty/channel/ChannelHandlerContext;)V
JVM
reactor/netty/http/client/HttpClientConfig.addStreamHandlers(Lio/netty/channel/Channel;Lreactor/netty/ConnectionObserver;Lreactor/netty/channel/ChannelOperations$OnSetup;ZLreactor/netty/channel/ChannelMetricsRecorder;Ljava/net/SocketAddress;Ljava/net/SocketAddress;JLjava/util/function/Function;)V
JVM
Affected Ecosystems: affected
Source: National Vulnerability Database
References: https://github.com/advisories/GHSA-4q2v-9p7v-3v22THIRD_PARTY

CVE-2025-22227 Security Details

CVE ID: CVE-2025-22227
CWE: CWE-200
CVE Description: In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.
Published: Jul 17, 2025
CVSS Score & Severity: 5.9Medium
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS Score: 0.110%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Vulnerable Methods: reactor/netty/http/client/Http2StreamBridgeClientHandler.handlerAdded(Lio/netty/channel/ChannelHandlerContext;)V
JVM
reactor/netty/http/client/HttpClientConfig.addStreamHandlers(Lio/netty/channel/Channel;Lreactor/netty/ConnectionObserver;Lreactor/netty/channel/ChannelOperations$OnSetup;ZLreactor/netty/channel/ChannelMetricsRecorder;Ljava/net/SocketAddress;Ljava/net/SocketAddress;JLjava/util/function/Function;)V
JVM
Affected Ecosystems: affected
Source: National Vulnerability Database
References: https://github.com/advisories/GHSA-4q2v-9p7v-3v22THIRD_PARTY

Find vulnerabilities. Fix fast with AI.

CVE-2025-22227

CVE-2025-22227 Security Details

CVE-2025-22227 Security Details