PT-2025-23624 · Unknown · Pekko Management

Per-Ivar Bakke · Published 2025-06-03 · Updated 2025-06-03 · CVE-2025-46548

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Pekko Management versions prior to 1.1.1

Description

The issue arises when Basic Authentication is enabled in Pekko Management using the Java DSL, potentially causing the authenticator to not be properly applied. This could affect users who rely on authentication instead of restricting access to the Management API ports to trusted users.

Recommendations

For versions prior to 1.1.1, upgrade to version 1.1.1 to fix the issue. As a temporary workaround, consider restricting access to the Management API ports to only trusted users until the upgrade can be applied.

Exploit

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2025-46548
GHSA-9QVJ-RPJ8-V5C8

Affected Products

Pekko Management