Security Advisory

CVE-2025-22234

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-22 21:02:23
Last updated 2026-01-22 21:27:13
Assigner vmware
State PUBLISHED

Description

The fix applied in CVE-2025-22228 inadvertently broke the timing attack mitigation implemented in DaoAuthenticationProvider. This can allow attackers to infer valid usernames or other authentication behavior via response-time differences under certain configurations.
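
The kind of mitigation the description refers to, as an added example (not Spring Security's code and not from this advisory): an unknown username still pays for one full password hash against a dummy record, so both failure cases do the same work. The class, its in-memory user store, the work factor, the sample account and the use of PBKDF2 are assumptions for illustration; the advisory does not describe the affected code path.

```java
import java.security.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class TimingSafeLogin {
    private static final int ITERATIONS = 100_000; // assumed work factor
    record Stored(byte[] salt, byte[] hash) {}

    private final Map<String, Stored> users = new HashMap<>(); // hypothetical user store
    // Hash of a throwaway password, computed once and used when the username is unknown.
    private final Stored dummy = encode("user-not-found-placeholder".toCharArray());
    int hashCalls = 0; // instrumentation: counts hash computations across all attempts

    static byte[] pbkdf2(char[] pw, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(pw, salt, ITERATIONS, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }

    static Stored encode(char[] pw) {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return new Stored(salt, pbkdf2(pw, salt));
    }

    void register(String name, char[] pw) { users.put(name, encode(pw)); }

    boolean authenticate(String name, char[] presented) {
        Stored s = users.get(name);
        boolean known = s != null;
        // Unknown user: verify against the dummy record instead of returning early.
        Stored target = known ? s : dummy;
        hashCalls++;
        boolean match = MessageDigest.isEqual(pbkdf2(presented, target.salt()), target.hash());
        return known & match; // same result for unknown user and wrong password
    }

    public static void main(String[] args) {
        TimingSafeLogin login = new TimingSafeLogin();
        login.register("alice", "correct horse".toCharArray()); // constructed sample account
        System.out.println("known user, right password: " + login.authenticate("alice", "correct horse".toCharArray()));
        System.out.println("known user, wrong password: " + login.authenticate("alice", "wrong".toCharArray()));
        System.out.println("unknown user:               " + login.authenticate("nobody", "wrong".toCharArray()));
        System.out.println("hash computations for 3 attempts: " + login.hashCalls);
    }
}
```

Any early return or exception that skips the hash for only one of the two failure cases brings the response-time difference back, so a regression test for this mitigation should check that the hash runs on the unknown-user path as well.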