CVE-2025-2529
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-15

Last updated on: 2025-10-16

Assigner: IBM Corporation

Description
Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from (malicious) external parties in an unfiltered/unsalted way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-15
Last Modified
2025-10-16
Generated
2026-06-16
AI Q&A
2025-10-15
EPSS Evaluated
2026-06-15
NVD
CVE-2025-2529
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
ibm ehcache 3.1
ibm terracotta 11.1.0
ibm terracotta 10.15.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-228 The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a hash flooding Denial of Service (DoS) issue in Ehcache 3.x used within IBM Terracotta. It occurs when applications use cache keys directly sourced from external, potentially malicious users without filtering or salting. This improper handling causes hash collisions that degrade cache-write performance. [1]

Impact Analysis

The vulnerability can lead to degraded cache-write performance in applications using affected Ehcache versions if they accept unfiltered or unsalted keys from external sources. This results in a low-severity Denial of Service impact, specifically reducing availability due to performance degradation. [1]

Detection Guidance

This vulnerability can be detected by identifying if your application is using affected versions of Ehcache 3.x (specifically IBM Terracotta versions 10.15.0 up to Fix 23 and 11.1.0 up to Fix 5) and if it utilizes cache keys sourced directly from external, potentially malicious users without filtering or salting. There are no specific commands provided to detect this vulnerability on your network or system. [1]

Mitigation Strategies

The immediate step to mitigate this vulnerability is to apply the fixes provided by IBM: upgrade to IBM Terracotta 10.15.0 Fix 24 or later, or 11.1.0 Fix 6 or later. These fixes can be downloaded and installed via the IBM webMethods Update Manager. No other workarounds or mitigations are provided. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-2529. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart