CVE-2025-14969

A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service (DoS) by exhausting available database connections.

CVSS v3 4.3 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2026:1965
https://access.redhat.com/security/cve/CVE-2025-14969
https://bugzilla.redhat.com/show_bug.cgi?id=2423822

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Se encontró una vulnerabilidad en Hibernate Reactive. Cuando un endpoint HTTP está expuesto para realizar operaciones de base de datos, un cliente remoto puede cerrar prematuramente la conexión HTTP. Esta acción puede provocar la fuga de conexiones del pool de conexiones de la base de datos, lo que podría causar una denegación de servicio (DoS) al agotar las conexiones de base de datos disponibles.

05 Feb 2026, 15:16

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2026:1965 -

26 Jan 2026, 20:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-26 20:16

Updated : 2026-04-15 00:35

NVD link : CVE-2025-14969

Mitre link : CVE-2025-14969

CVE.ORG link : CVE-2025-14969

JSON object : View

Products Affected

No product.

CWE

CWE-772

Missing Release of Resource after Effective Lifetime

4.3 /10