[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-23184":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T20:55:33.689Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":93,"aliases":94,"duplicate_of":9,"upstream":96,"downstream":97,"duplicates":108,"related":109,"reserved_at":9,"published_at":112,"modified_at":113,"state":114,"summary":115,"references_raw":124,"kevs":176,"epss":177,"epss_history":180,"metrics":448,"affected":462},"CVE-2025-23184","A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).",null,[11,86],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-400","Uncontrolled Resource Consumption","The product does not properly control the allocation and maintenance of a limited resource.","weakness","Draft","Class","High",[20,24,82],{"id":21,"name":22,"techniques":23},"CAPEC-147","XML Ping of the Death",[],{"id":25,"name":26,"techniques":27},"CAPEC-227","Sustained Client Engagement",[28],{"id":29,"name":30,"tactics":31,"countermeasures":35},"T1499","Endpoint Denial of Service",[32],{"id":33,"name":34},"TA0105","Impact",[36,41,45,49,53,57,61,65,69,73,78],{"id":37,"name":38,"tactic":39},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":40},"Detect",{"id":42,"name":43,"tactic":44},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":40},{"id":46,"name":47,"tactic":48},"D3-CSPP","Client-server Payload Profiling",{"name":40},{"id":50,"name":51,"tactic":52},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":40},{"id":54,"name":55,"tactic":56},"D3-NTSA","Network Traffic Signature Analysis",{"name":40},{"id":58,"name":59,"tactic":60},"D3-APCA","Application Protocol Command Analysis",{"name":40},{"id":62,"name":63,"tactic":64},"D3-NTCD","Network Traffic Community Deviation",{"name":40},{"id":66,"name":67,"tactic":68},"D3-RTSD","Remote Terminal Session Detection",{"name":40},{"id":70,"name":71,"tactic":72},"D3-ISVA","Inbound Session Volume Analysis",{"name":40},{"id":74,"name":75,"tactic":76},"D3-NTF","Network Traffic Filtering",{"name":77},"Isolate",{"id":79,"name":80,"tactic":81},"D3-ITF","Inbound Traffic Filtering",{"name":77},{"id":83,"name":84,"techniques":85},"CAPEC-492","Regular Expression Exponential Blowup",[],{"_key":87,"id":87,"name":88,"description":89,"type":90,"status":91,"abstraction":9,"likelihood_of_exploit":9,"capec":92},"NVD-CWE-NOINFO","Insufficient Information","NVD uses this CWE ID when there is insufficient information to assign a specific CWE.","placeholder","NVD-Reserved",[],[],[95],"GHSA-fh5r-crhr-qrrq",[],[98,100,102,104,106],{"_key":99},"RHSA-2025:10452",{"_key":101},"RHSA-2025:10453",{"_key":103},"RHSA-2025:10924",{"_key":105},"RHSA-2025:10925",{"_key":107},"RHSA-2025:10926",[],[110],{"_key":111},"CGA-G2C7-5J8P-4CX5","2025-01-21T09:35:37.468Z","2025-12-15T15:58:16.867Z","Modified",{"cisa_kev":116,"cisa_ransomware":116,"cisa_vendor":9,"epss_severity":117,"epss_score":118,"severity":119,"severity_score":120,"severity_version":121,"severity_source":122,"severity_vector":123,"severity_status":114},false,"low",0.00147,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",[125,134,138,142,146,150,155,159,163,168,172],{"url":126,"sources":127,"tags":130},"https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122",[128,122,129],"cve.org","osv_maven",[131,132,133],"Vendor Advisory","Mailing List","WEB",{"url":135,"sources":136,"tags":137},"http://www.openwall.com/lists/oss-security/2025/01/20/3",[128,122,129],[132,133],{"url":139,"sources":140,"tags":141},"https://security.netapp.com/advisory/ntap-20250214-0003/",[128,122],[],{"url":143,"sources":144,"tags":145},"https://www.vicarius.io/vsociety/posts/cve-2025-23184-detect-apache-cxf-vulnerability",[128,122,129],[133],{"url":147,"sources":148,"tags":149},"https://www.vicarius.io/vsociety/posts/cve-2025-23184-mitigate-apache-cxf-vulnerability",[128,122,129],[133],{"url":151,"sources":152,"tags":153},"https://nvd.nist.gov/vuln/detail/CVE-2025-23184",[129],[154],"Advisory",{"url":156,"sources":157,"tags":158},"https://github.com/apache/cxf/pull/2048",[129],[133],{"url":160,"sources":161,"tags":162},"https://github.com/apache/cxf/pull/2111",[129],[133],{"url":164,"sources":165,"tags":166},"https://github.com/apache/cxf",[129],[167],"PACKAGE",{"url":169,"sources":170,"tags":171},"https://issues.apache.org/jira/browse/CXF-7396",[129],[133],{"url":173,"sources":174,"tags":175},"https://security.netapp.com/advisory/ntap-20250214-0003",[129],[133],[],{"date":178,"score":118,"percentile":179},"2026-06-05",0.34903,[181,185,188,191,195,197,200,203,206,209,212,215,217,220,224,228,231,234,237,240,243,246,249,251,254,258,261,264,267,270,273,276,279,282,285,287,290,293,296,299,302,305,308,312,315,318,321,324,327,329,332,335,338,341,344,347,349,352,354,358,361,364,366,369,371,374,377,380,382,385,388,391,394,396,399,402,406,409,412,415,418,421,424,427,430,433,436,439,442,444],{"date":182,"score":183,"percentile":184},"2025-11-04",0.00331,0.55478,{"date":186,"score":183,"percentile":187},"2025-11-05",0.55444,{"date":189,"score":183,"percentile":190},"2025-11-06",0.55454,{"date":192,"score":193,"percentile":194},"2025-11-07",0.00254,0.48628,{"date":196,"score":193,"percentile":194},"2025-11-08",{"date":198,"score":193,"percentile":199},"2025-11-09",0.48606,{"date":201,"score":193,"percentile":202},"2025-11-10",0.48579,{"date":204,"score":193,"percentile":205},"2025-11-11",0.48594,{"date":207,"score":193,"percentile":208},"2025-11-12",0.48618,{"date":210,"score":193,"percentile":211},"2025-11-13",0.48621,{"date":213,"score":193,"percentile":214},"2025-11-14",0.48634,{"date":216,"score":193,"percentile":194},"2025-11-15",{"date":218,"score":193,"percentile":219},"2025-11-16",0.48614,{"date":221,"score":222,"percentile":223},"2025-11-17",0.00268,0.50077,{"date":225,"score":226,"percentile":227},"2025-11-18",0.00962,0.74556,{"date":229,"score":226,"percentile":230},"2025-11-19",0.74564,{"date":232,"score":226,"percentile":233},"2025-11-20",0.74573,{"date":235,"score":222,"percentile":236},"2025-11-21",0.50087,{"date":238,"score":222,"percentile":239},"2025-11-22",0.50081,{"date":241,"score":222,"percentile":242},"2025-11-23",0.50043,{"date":244,"score":222,"percentile":245},"2025-11-24",0.50032,{"date":247,"score":222,"percentile":248},"2025-11-25",0.5004,{"date":250,"score":222,"percentile":245},"2025-11-26",{"date":252,"score":222,"percentile":253},"2025-11-27",0.50038,{"date":255,"score":256,"percentile":257},"2025-11-28",0.00621,0.69242,{"date":259,"score":256,"percentile":260},"2025-11-29",0.6923,{"date":262,"score":256,"percentile":263},"2025-11-30",0.69227,{"date":265,"score":222,"percentile":266},"2025-12-01",0.50125,{"date":268,"score":222,"percentile":269},"2025-12-02",0.50143,{"date":271,"score":222,"percentile":272},"2025-12-03",0.50139,{"date":274,"score":256,"percentile":275},"2025-12-04",0.69224,{"date":277,"score":256,"percentile":278},"2025-12-05",0.69239,{"date":280,"score":256,"percentile":281},"2025-12-06",0.69244,{"date":283,"score":256,"percentile":284},"2025-12-07",0.6924,{"date":286,"score":256,"percentile":281},"2025-12-08",{"date":288,"score":256,"percentile":289},"2025-12-09",0.69272,{"date":291,"score":256,"percentile":292},"2025-12-10",0.69315,{"date":294,"score":256,"percentile":295},"2025-12-11",0.69338,{"date":297,"score":256,"percentile":298},"2025-12-12",0.69365,{"date":300,"score":256,"percentile":301},"2025-12-13",0.69366,{"date":303,"score":256,"percentile":304},"2025-12-14",0.69371,{"date":306,"score":256,"percentile":307},"2025-12-15",0.69367,{"date":309,"score":310,"percentile":311},"2025-12-16",0.01337,0.79493,{"date":313,"score":310,"percentile":314},"2025-12-17",0.79504,{"date":316,"score":310,"percentile":317},"2025-12-18",0.79523,{"date":319,"score":310,"percentile":320},"2025-12-19",0.79533,{"date":322,"score":310,"percentile":323},"2025-12-20",0.79528,{"date":325,"score":310,"percentile":326},"2025-12-21",0.7952,{"date":328,"score":310,"percentile":326},"2025-12-22",{"date":330,"score":310,"percentile":331},"2025-12-23",0.79519,{"date":333,"score":310,"percentile":334},"2025-12-24",0.79535,{"date":336,"score":310,"percentile":337},"2025-12-25",0.79556,{"date":339,"score":310,"percentile":340},"2025-12-26",0.7955,{"date":342,"score":310,"percentile":343},"2025-12-27",0.79597,{"date":345,"score":310,"percentile":346},"2025-12-28",0.79539,{"date":348,"score":310,"percentile":334},"2025-12-29",{"date":350,"score":310,"percentile":351},"2025-12-30",0.79542,{"date":353,"score":310,"percentile":337},"2025-12-31",{"date":355,"score":356,"percentile":357},"2026-01-01",0.00581,0.68418,{"date":359,"score":356,"percentile":360},"2026-01-02",0.68404,{"date":362,"score":356,"percentile":363},"2026-01-03",0.68405,{"date":365,"score":310,"percentile":340},"2026-01-04",{"date":367,"score":310,"percentile":368},"2026-01-05",0.79547,{"date":370,"score":310,"percentile":340},"2026-01-06",{"date":372,"score":310,"percentile":373},"2026-01-07",0.79555,{"date":375,"score":310,"percentile":376},"2026-01-08",0.79564,{"date":378,"score":310,"percentile":379},"2026-01-09",0.79566,{"date":381,"score":310,"percentile":379},"2026-01-10",{"date":383,"score":310,"percentile":384},"2026-01-11",0.79559,{"date":386,"score":310,"percentile":387},"2026-01-12",0.79545,{"date":389,"score":310,"percentile":390},"2026-01-13",0.79543,{"date":392,"score":310,"percentile":393},"2026-01-14",0.79563,{"date":395,"score":310,"percentile":379},"2026-01-15",{"date":397,"score":310,"percentile":398},"2026-01-16",0.79575,{"date":400,"score":310,"percentile":401},"2026-01-17",0.79584,{"date":403,"score":404,"percentile":405},"2026-01-18",0.00677,0.7097,{"date":407,"score":404,"percentile":408},"2026-01-19",0.70964,{"date":410,"score":404,"percentile":411},"2026-01-20",0.70973,{"date":413,"score":404,"percentile":414},"2026-01-21",0.70977,{"date":416,"score":404,"percentile":417},"2026-01-22",0.70989,{"date":419,"score":404,"percentile":420},"2026-01-23",0.71018,{"date":422,"score":404,"percentile":423},"2026-01-24",0.71024,{"date":425,"score":404,"percentile":426},"2026-01-25",0.70998,{"date":428,"score":404,"percentile":429},"2026-01-26",0.70993,{"date":431,"score":404,"percentile":432},"2026-01-27",0.70996,{"date":434,"score":404,"percentile":435},"2026-01-28",0.71014,{"date":437,"score":404,"percentile":438},"2026-01-29",0.71013,{"date":440,"score":404,"percentile":441},"2026-01-30",0.71021,{"date":443,"score":404,"percentile":423},"2026-01-31",{"date":445,"score":446,"percentile":447},"2026-02-01",0.00404,0.60581,[449,456,460],{"source":128,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":450,"cvss_v4_0":9},{"baseScore":451,"baseSeverity":452,"vectorString":453,"impactScore":454,"exploitabilityScore":455},5.9,"MEDIUM","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",6,5.6,{"source":122,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":457,"cvss_v4_0":9},{"baseScore":120,"baseSeverity":458,"vectorString":123,"impactScore":454,"exploitabilityScore":459},"HIGH",10,{"source":129,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":461,"cvss_v4_0":9},{"baseScore":120,"baseSeverity":9,"vectorString":123,"impactScore":454,"exploitabilityScore":459},[463,483,494],{"ecosystem":9,"name":464,"vendor":465,"product":466,"cpe_part":467,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":468},"Apache CXF","apache software foundation","apache cxf","a",[469,474,479],{"version":470,"is_range":471,"range_type":128,"version_start":9,"version_start_type":9,"version_end":472,"version_end_type":473,"fixed_in":9},"\u003C 3.5.10",true,"3.5.10","excluding",{"version":475,"is_range":471,"range_type":128,"version_start":476,"version_start_type":477,"version_end":478,"version_end_type":473,"fixed_in":9},">= 3.6.0, \u003C 3.6.5","3.6.0","including","3.6.5",{"version":480,"is_range":471,"range_type":128,"version_start":481,"version_start_type":477,"version_end":482,"version_end_type":473,"fixed_in":9},">= 4.0.0, \u003C 4.0.6","4.0.0","4.0.6",{"ecosystem":9,"name":484,"vendor":485,"product":484,"cpe_part":467,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":486},"cxf","apache",[487,490,492],{"version":488,"is_range":471,"range_type":489,"version_start":9,"version_start_type":9,"version_end":472,"version_end_type":473,"fixed_in":9},"lt3.5.10","cpe",{"version":491,"is_range":471,"range_type":489,"version_start":476,"version_start_type":477,"version_end":478,"version_end_type":473,"fixed_in":9},"gte3.6.0_lt3.6.5",{"version":493,"is_range":471,"range_type":489,"version_start":481,"version_start_type":477,"version_end":482,"version_end_type":473,"fixed_in":9},"gte4.0.0_lt4.0.6",{"ecosystem":495,"name":496,"vendor":497,"product":498,"cpe_part":9,"purl_type":499,"purl_namespace":497,"purl_name":498,"source":9,"versions":500},"Maven","org.apache.cxf:cxf-core","org.apache.cxf","cxf-core","maven",[501,504,506],{"version":502,"is_range":471,"range_type":503,"version_start":9,"version_start_type":9,"version_end":472,"version_end_type":473,"fixed_in":9},"lt3_5_10","ecosystem",{"version":505,"is_range":471,"range_type":503,"version_start":476,"version_start_type":477,"version_end":478,"version_end_type":473,"fixed_in":9},"gte3_6_0_lt3_6_5",{"version":507,"is_range":471,"range_type":503,"version_start":481,"version_start_type":477,"version_end":482,"version_end_type":473,"fixed_in":9},"gte4_0_0_lt4_0_6"]