CVE-2025-24970

Published Feb 10, 2025

Last updated a month ago

Overview

Description
Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a specially crafted packet is received via SslHandler, the handler does not correctly validate the packet in all cases, which can lead to a native crash. Version 4.1.118.Final contains a patch. As a workaround, it is possible to either disable the usage of the native SSLEngine or change the code manually.
Source: security-advisories@github.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

Weaknesses

CWE-20 (source: security-advisories@github.com)

Social media

  1. CVE-2025-24970: Improper Input Validation in Confluence Data Center&Server, 7.5 rating❗️ Vuln in the Netty framework could lead to DoS if an attacker sends a special packet. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/d4X8Q0k7Hq #cybersecurity #vulnerability_m

    @Netlas_io

    16 Apr 2025

  2. Actively exploited CVE : CVE-2025-24970

    @transilienceai

    30 Mar 2025

  3. 🚨 CVE-2025-24970 🔴 HIGH (7.5) 🏢 netty - netty 🏗️ >= https://t.co/qiK334GZ4u, <= https://t.co/qMeQRifmv0 🔗 https://t.co/FrS5KnxDtv 🔗 https://t.co/vYfgMQ3tIO #CyberCron #VulnAlert https://t.co/Bri6xUzeZS

    @cybercronai

    12 Feb 2025

  4. CVE-2025-24970 Netty SslHandler Vulnerability Causing Native Crash in Versions https://t.co/3eobqHtx3A https://t.co/RuEwEsb5PK

    @VulmonFeeds

    11 Feb 2025

  5. CVE-2025-24970 Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version https://t.co/aVUbaBerTZ and prior to version https://t.co/5mJZ6f4cSh. When a sp… https://t.co/ccfWdSOGkF

    @CVEnew

    10 Feb 2025

  6. Eclipse Vert.x 4.5.13 has been released https://t.co/Jh2GEqhCkL it fixes a couple of bugs as well as CVE-2025-24970 (CVSS v3.1: 7.5) and CVE-2025-25193 (CVSS v3.1: 5.5)

    @vertx_project

    10 Feb 2025
