PT-2025-4836 · Apache · Apache Cxf

Colm O Heigeartaigh

Published 2025-01-20 · Updated 2025-12-15

CVE-2025-23184

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Apache CXF versions prior to 3.5.10
Apache CXF versions prior to 3.6.5
Apache CXF versions prior to 4.0.6
Description

A potential denial of service issue is present in Apache CXF. In some edge cases, CachedOutputStream instances may not be closed; when such a stream has spilled to a temporary file, that file lingers on disk, and repeated triggering can fill up the file system. The issue applies to both CXF servers and CXF clients. A remote, unauthenticated attacker (AV:N, PR:N) can cause this resource exhaustion, resulting in a denial of service; the impact is to availability only (C:N/I:N/A:H).
Recommendations

For versions prior to 3.5.10, update to version 3.5.10 or later.
For versions prior to 3.6.5, update to version 3.6.5 or later.
For versions prior to 4.0.6, update to version 4.0.6 or later.

As a temporary workaround, monitor the directory CXF writes its temporary files to (under the JVM's java.io.tmpdir unless CXF has been configured otherwise) for growth in file count and total size, alert before the file system fills, and limit the space available to it, for example by placing it on a dedicated volume or quota. Monitoring does not remove the root cause, so upgrade as soon as possible. CXF clients are affected as well as servers, so client-side deployments need the same upgrade.
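The two recommendations above, turned into runnable checks. This is an added example written for this page; it is not code from the advisory or from the Apache CXF project. It flags org.apache.cxf artifacts in `mvn dependency:tree` output whose version predates the fixed releases 3.5.10, 3.6.5 and 4.0.6, and it sizes up leaked CachedOutputStream spill files in a temp directory so a monitoring job can alert before the disk fills. Two assumptions, labelled in the code: CXF branches newer than 4.0 are treated as unaffected (the advisory names only the three fixed releases), and spill files are assumed to be named cos*tmp (the page does not state CXF's naming). The sample dependency tree and the sample temp directory are constructed, not taken from a real build.

```python
# Added example for CVE-2025-23184 triage; not code from the advisory or from
# Apache CXF. Assumptions are marked where they are used.
import re
import tempfile
from pathlib import Path

# Fixed releases named by the advisory, keyed by (major, minor) branch.
FIXED = {(3, 5): (3, 5, 10), (3, 6): (3, 6, 5), (4, 0): (4, 0, 6)}


def parse_version(version):
    """Turn '3.6.4' or '4.0.5-SNAPSHOT' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised CXF version: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version):
    """True when `version` falls in a range the advisory lists as vulnerable."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED:
        return v < FIXED[branch]
    # Branches older than 3.5 never received the fix, so they are affected.
    # Branches newer than 4.0 were cut after it; treating them as clean is an
    # assumption, since the advisory only names the three fixed releases.
    return branch < (3, 5)


# Matches the groupId:artifactId:type[:classifier]:version:scope coordinates
# that `mvn dependency:tree` prints.
COORD = re.compile(r"org\.apache\.cxf:\S+")


def scan_dependency_tree(tree_text):
    """Return [(artifact, version, affected)] for every CXF artifact in the output."""
    findings = []
    for coord in COORD.findall(tree_text):
        parts = coord.split(":")
        version = next((p for p in parts[2:] if re.match(r"^\d+\.\d+\.\d+", p)), None)
        if version is not None:
            findings.append((parts[1], version, is_affected(version)))
    return findings


def temp_dir_pressure(path, prefix="cos", suffix="tmp"):
    """Count and total the size of CachedOutputStream spill files directly under `path`.

    The cos*tmp pattern is an assumption about CXF's temp file naming; point
    this at the directory where the files actually appear and adjust the
    prefix if your java.io.tmpdir shows a different one.
    """
    count = total = 0
    for entry in Path(path).iterdir():
        if entry.is_file() and entry.name.startswith(prefix) and entry.name.endswith(suffix):
            count += 1
            total += entry.stat().st_size
    return count, total


def should_alert(count, total_bytes, max_files=1000, max_bytes=1 << 30):
    """Alert when leaked spill files exceed either a file-count or a byte budget."""
    return count > max_files or total_bytes > max_bytes


# Constructed sample of `mvn dependency:tree` output; not taken from a real build.
SAMPLE_TREE = """\
[INFO] +- org.apache.cxf:cxf-rt-frontend-jaxws:jar:3.6.4:compile
[INFO] |  \\- org.apache.cxf:cxf-core:jar:3.6.4:compile
[INFO] +- org.apache.cxf:cxf-rt-transports-http:jar:4.0.6:compile
[INFO] \\- org.slf4j:slf4j-api:jar:2.0.9:compile
"""


def build_sample_temp_dir():
    """Create a throwaway directory with three constructed 1024-byte spill files
    plus one unrelated file, mimicking a leaking temp directory."""
    d = Path(tempfile.mkdtemp(prefix="cxf-demo-"))
    for i in range(3):
        (d / f"cos{i}tmp").write_bytes(b"\0" * 1024)
    (d / "unrelated.log").write_bytes(b"x" * 4096)
    return d


if __name__ == "__main__":
    for artifact, version, affected in scan_dependency_tree(SAMPLE_TREE):
        print(f"{artifact} {version}: {'AFFECTED' if affected else 'ok'}")
    count, total = temp_dir_pressure(build_sample_temp_dir())
    print(f"spill files: {count}, bytes: {total}, alert: {should_alert(count, total, max_files=2)}")
```

In a real deployment, feed `scan_dependency_tree` the output of `mvn dependency:tree` (or the jar names on the runtime classpath) and run `temp_dir_pressure` from a cron job or exporter against the directory where the cos files show up; the thresholds in `should_alert` are placeholders to be set from the volume's actual capacity.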

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2025-10258
CVE-2025-23184
GHSA-FH5R-CRHR-QRRQ
RHSA-2025:10452
RHSA-2025:10453
RHSA-2025:10924
RHSA-2025:10925
RHSA-2025:10926

Affected Products

Apache Cxf