CVE-2025-22227

ADVISORY - github

Summary

In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.

EPSS Score⁠: 0.00094 (0.263)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-200⁠

Exposure of Sensitive Information to an Unauthorized Actor

ADVISORY - github

CWE-200⁠

Exposure of Sensitive Information to an Unauthorized Actor

ADVISORY - redhat

CWE-601⁠

URL Redirection to Untrusted Site ('Open Redirect')

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.