Java Cache Write Degradation in Ehcache 3.x via Unfiltered External Keys
CVE-2025-2529 Published on October 15, 2025
IBM Terracotta denial of service
Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from (malicious) external parties in an unfiltered/unsalted way.
Vulnerability Analysis
CVE-2025-2529 can be exploited with local system access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.
Weakness Type
Improper Handling of Syntactically Invalid Structure
The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.
Products Associated with CVE-2025-2529
Want to know whenever a new CVE is published for IBM Terracotta? stack.watch will email you.
Affected Versions
IBM Terracotta:- Version 10.15.0, <= 10.15.0 IF23 is affected.
- Version 11.1.0, <= 11.1.0 IF5 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.