- Description
- Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a specially crafted packet is received via SslHandler, it doesn't correctly handle validation of such a packet in all cases, which can lead to a native crash. Version 4.1.118.Final contains a patch. As a workaround, it's possible to either disable the usage of the native SSLEngine or change the code manually.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- netty, active_iq_unified_manager, oncommand_insight
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
- Severity
- HIGH
- security-advisories@github.com
- CWE-20
- nvd@nist.gov
- NVD-CWE-noinfo
- Hype score
- Not currently trending
CVE-2025-24970: Improper Input Validation in Confluence Data Center&Server, 7.5 rating❗️ Vuln in the Netty framework could lead to DoS if an attacker sends a special packet. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/d4X8Q0k7Hq #cybersecurity #vulnerability_m
@Netlas_io
16 Apr 2025
Actively exploited CVE: CVE-2025-24970
@transilienceai
30 Mar 2025
🚨 CVE-2025-24970 🔴 HIGH (7.5) 🏢 netty - netty 🏗️ >= https://t.co/qiK334GZ4u, <= https://t.co/qMeQRifmv0 🔗 https://t.co/FrS5KnxDtv 🔗 https://t.co/vYfgMQ3tIO #CyberCron #VulnAlert https://t.co/Bri6xUzeZS
@cybercronai
12 Feb 2025
CVE-2025-24970 Netty SslHandler Vulnerability Causing Native Crash in Versions https://t.co/3eobqHtx3A https://t.co/RuEwEsb5PK
@VulmonFeeds
11 Feb 2025
CVE-2025-24970 Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version https://t.co/aVUbaBerTZ and prior to version https://t.co/5mJZ6f4cSh. When a sp… https://t.co/ccfWdSOGkF
@CVEnew
10 Feb 2025
Eclipse Vert.x 4.5.13 has been released https://t.co/Jh2GEqhCkL it fixes a couple of bugs as well as CVE-2025-24970 (CVSS v3.1: 7.5) and CVE-2025-25193 (CVSS v3.1: 5.5)
@vertx_project
10 Feb 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FFD13BDE-F4C1-4B4C-9E46-C4482F977174",
            "versionEndExcluding": "4.1.118",
            "versionStartIncluding": "4.1.91"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1"
          },
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5"
          },
          {
            "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE"
          },
          {
            "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]