CVE-2025-24970
Published: 10 February 2025
Summary
CVE-2025-24970 is a high-severity Improper Input Validation (CWE-20) vulnerability in Netapp Active Iq Unified Manager. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked in the top 23.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
Netty, an asynchronous event-driven network application framework, contains an input validation flaw in its SslHandler component that affects versions 4.1.91.Final through versions prior to 4.1.118.Final. When a specially crafted packet is processed, the handler fails to perform correct validation in all cases, resulting in a native crash. The issue is tracked under CWE-20 and carries a CVSS 3.1 score of 7.5 reflecting high availability impact reachable over the network without authentication.
An unauthenticated remote attacker can exploit the vulnerability by sending a maliciously constructed TLS packet to any Netty-based application that uses the native SSLEngine path, causing the process to terminate and producing a denial-of-service condition. No privileges or user interaction are required, and the attack can be carried out over the network with low complexity.
The GitHub Security Advisory and accompanying commit indicate that version 4.1.118.Final contains the fix. As a workaround, operators can disable the native SSLEngine implementation or apply the validation changes manually; NetApp has also published an advisory referencing the same remediation steps. The associated EPSS score remains low, with only a modest increase between its current and peak values.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-3996
Vulnerability details
Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases…
more
which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables remote exploitation of improper input validation in SslHandler to trigger a native crash, directly facilitating application or system exploitation for denial of service (T1499.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Requires timely identification, reporting, and correction of flaws such as the improper input validation in Netty's SslHandler that leads to native crashes from crafted packets.
Mandates validation of information inputs like specially crafted SSL packets to ensure they are properly handled and prevent native crashes due to CWE-20 improper input validation.
Provides protection against denial-of-service events, limiting the availability impact of native crashes triggered by remote attackers sending crafted packets.