HomeCVE Intelligence › CVE-2025-53114
CVSS 7.5 HIGH Vulnerability

CVE-2025-53114: Acknowledgement extension out of memory

Impact Bad clients that always send a fixed batch value while the server is using the acknowledgement extension can cause the unacknowledged message queue to grow indefinitely, eventually resulting in an OutOfMemoryErro…

7.5CVSS Score
HIGHSeverity
NOCISA KEV
VulnerabilityImpact Type

📋 Vulnerability Details

CVE IDCVE-2025-53114
Vendormaven
Affected Productorg.cometd.java:cometd-java-server-common
Vulnerability TypeVulnerability
CVSS Score7.5 (HIGH)
Actively Exploited❌ No known exploitation
Patch StatusSee Vendor Advisory →
Reported ByCYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

#

Impact

Bad clients that always send a fixed batch value while the server is using the acknowledgement extension can cause the unacknowledged message queue to grow indefinitely, eventually resulting in an OutOfMemoryError. Such bad clients would always send: ``json { "channel": "/meta/connect", ... "ext": { "ack": 1 } } `` The server would never clear the unacknowledged message queue, and one bad client can cause a server outage.

Patches

5.0.x - https://github.com/cometd/cometd/pull/2168 6.0.x - https://github.com/cometd/cometd/pull/2169 8.0.x - https://github.com/cometd/cometd/pull/2118

Workarounds

Disable the acknowledgement extension.

Resources

https://github.com/cometd/cometd/discussions/2116 https://github.com/cometd/cometd/issues/2117

🎯 Known Indicators of Compromise

{"type":"url","value":"https://github.com/cometd/cometd/pull/2168","confidence_score":0.82,"first_seen":"2026-06-10","source_count":1} {"type":"url","value":"https://github.com/cometd/cometd/pull/2169","confidence_score":0.82,"first_seen":"2026-06-10","source_count":1} {"type":"url","value":"https://github.com/cometd/cometd/pull/2118","confidence_score":0.82,"first_seen":"2026-06-10","source_count":1} {"type":"url","value":"https://github.com/cometd/cometd/discussions/2116","confidence_score":0.82,"first_seen":"2026-06-10","source_count":1} {"type":"url","value":"https://github.com/cometd/cometd/issues/2117","confidence_score":0.82,"first_seen":"2026-06-10","source_count":1}

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2025-53114 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries
🛡️ Get Detection Pack → 🔌 Access via API →

🔗 Related Intelligence