PT-2025-35822 · Netty+6

Yawkat · Published 2025-09-03 · Updated 2026-06-04 · CVE-2025-58057

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Netty versions 4.1.124.Final and below
Netty versions 4.2.4.Final and below

Description
Netty is an asynchronous event-driven network application framework. Certain decompression decoders, including BrotliDecoder, can allocate a large number of byte buffers when given specially crafted input, potentially leading to a denial of service. The decompress function within BrotliDecoder repeatedly calls pull, decompressing data in 64 KB chunks, and every resulting buffer remains reachable until an out-of-memory (OOM) error occurs.

Recommendations
Update to Netty version 4.1.125.Final or later.
Update to Netty version 4.2.5.Final or later.
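The following Python script is an added illustration of the failure mode described above; it is not Netty's code and does not reproduce the 4.1.125/4.2.5 fix. It uses zlib as a stand-in for Brotli because zlib is in the standard library, and the constructed input is a long run of zeros that compresses to a few kilobytes. The vulnerable pattern pulls 64 KB chunks until the input is exhausted and keeps every chunk reachable, so peak memory is chosen by the sender; the hardened pattern caps cumulative output and aborts early. The function and exception names are this example's own.

```python
import zlib

CHUNK = 64 * 1024               # 64 KB output chunks, the granularity named in the advisory
PLAIN_SIZE = 10 * 1024 * 1024   # constructed: 10 MB of zeros, which compresses to a few KB


class DecompressionLimitExceeded(Exception):
    """Raised when cumulative decompressed output would exceed the configured cap."""


def make_bomb(plain_size: int = PLAIN_SIZE) -> bytes:
    # Constructed input: a long zero run compresses to a tiny payload, so a
    # small request expands into a large amount of retained memory.
    return zlib.compress(b"\x00" * plain_size, 9)


def _pull_chunks(payload: bytes):
    """Yield decompressed chunks of at most CHUNK bytes, one per pull.

    zlib stands in for Brotli here; max_length bounds each pull's output and
    leaves the unprocessed input in unconsumed_tail for the next pull.
    """
    d = zlib.decompressobj()
    data = payload
    while not d.eof:
        chunk = d.decompress(data, CHUNK)
        data = d.unconsumed_tail
        if not chunk and not data:
            break  # truncated stream: nothing more can be produced
        if chunk:
            yield chunk


def decompress_unbounded(payload: bytes) -> list:
    """Vulnerable pattern: retain every chunk until the input is exhausted.

    The number of live buffers, and therefore peak memory, is controlled by
    whoever crafted the payload, not by the server.
    """
    return list(_pull_chunks(payload))


def decompress_bounded(payload: bytes, max_output: int) -> list:
    """Hardened pattern: stop as soon as cumulative output passes max_output.

    The cap bounds peak memory regardless of the payload's compression ratio.
    """
    out, total = [], 0
    for chunk in _pull_chunks(payload):
        total += len(chunk)
        if total > max_output:
            raise DecompressionLimitExceeded(
                f"decompressed output exceeded {max_output} bytes")
        out.append(chunk)
    return out


if __name__ == "__main__":
    bomb = make_bomb()
    print(f"compressed payload: {len(bomb)} bytes")
    chunks = decompress_unbounded(bomb)
    print(f"unbounded: {len(chunks)} chunks, {sum(map(len, chunks))} bytes retained")
    try:
        decompress_bounded(bomb, max_output=1024 * 1024)
    except DecompressionLimitExceeded as exc:
        print(f"bounded: rejected early ({exc})")
```

The cap in decompress_bounded is the check a decoder needs in addition to any limit on compressed input size, since a small compressed request can expand by three orders of magnitude. In Netty itself the only remediation for this advisory is the version update listed above.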

Exploit · Fix · DoS · Resource Exhaustion

Weakness Enumeration

Related Identifiers

ALT-PU-2025-12309
ALT-PU-2025-13422
BDU:2025-12594
CLEANSTART-2026-DD05788
CLEANSTART-2026-GH89210
CLEANSTART-2026-GQ14179
CLEANSTART-2026-IA43044
CLEANSTART-2026-JU62349
CLEANSTART-2026-JW30455
CLEANSTART-2026-KM27583
CLEANSTART-2026-KU61465
CLEANSTART-2026-LE11246
CLEANSTART-2026-MM00120
CLEANSTART-2026-RN56220
CLEANSTART-2026-SP91806
CLEANSTART-2026-SQ91016
CLEANSTART-2026-SV95049
CLEANSTART-2026-VH41554
CLEANSTART-2026-WG59699
CLEANSTART-2026-WK99982
CVE-2025-58057
ECHO-5B70-97C8-C749
GHSA-3P8M-J85Q-PGMJ
OPENSUSE-SU-2025:15520-1
SUSE-SU-2025:03114-1
SUSE-SU-2025_03114-1
USN-7918-1

Affected Products

Alt Linux
Debian
Linuxmint
Netty
Red Os
Suse
Ubuntu