6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2020-25689

GHSA ID

GHSA-97hp-6q9g-5cw2

EPSS Score

0.4688%

CWE

CWE-400

Published

5/24/2022

Updated

1/27/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-25689

CVE-2020-25689: Uncontrolled Resource Consumption in WildFly

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2020-25689

CVE-2020-25689:

6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2020-25689

GHSA ID

GHSA-97hp-6q9g-5cw2

EPSS Score

0.4688%

CWE

CWE-400

Published

5/24/2022

Updated

1/27/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.wildfly:wildfly-dist	maven	<= 21.0.0	21.0.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the HostController's persistent reconnection attempts creating unclosed connections. The primary indicators are:

HostController$ReconnectTask.run() - Directly referenced in Red Hat's WFCORE-5105 as the looping reconnection mechanism
ManagementClient.establishConnection() - Core connection creation point called during each retry
ProtocolChannelClient.connect() - Low-level network resource allocator for management channels

These functions would appear in profiler stack traces showing repeated connection attempts without corresponding cleanup. The patch likely added connection.close() calls in ReconnectTask and proper error handling in ManagementClient.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

6.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2020-25689: Uncontrolled Resource Consumption in WildFly

CVE-2020-25689:

6.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

6.5

6.5

Basic Information

Basic Information

CVE-2020-25689: Uncontrolled Resource Consumption in WildFly

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI