Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Not affected by CVE-2025-8671 ?
The CVE-2025-8671 is not for Eclipse Jetty.

I reached out to the https://kb.cert.org folks about it.
This is a weird case where netty (not us) was associated with that specific CVE id.
But CVE-2025-8671 is not for netty, it's for Suse Linux. 
https://www.cve.org/CVERecord?id=CVE-2025-8671
Netty wanted it corrected, but the solution that cert.org took was to remove that CVE id entirely. (odd choice)

BTW, that CVE looks like a child of the recently published MadeYouReset vuln.
https://kb.cert.org/vuls/id/767506

- Joakim

On Mon, Aug 18, 2025 at 2:28 AM Matthias Pfau via jetty-users <jetty-users@xxxxxxxxxxx> wrote:
Hey,
I noticed that the reference to a jetty pull request was removed from https://nvd.nist.gov/vuln/detail/CVE-2025-8671.

Does that mean that jetty is not affected of this specific CVE?

Thanks!

Matthias
_______________________________________________
jetty-users mailing list
jetty-users@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/jetty-users

Back to the top