Cyber Resilience

CVE-2025-24970

HighPublic PoC

Published: 10 February 2025

Published
10 February 2025
Modified
05 September 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0095 76.8th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-24970 is a high-severity Improper Input Validation (CWE-20) vulnerability in Netapp Active Iq Unified Manager. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked in the top 23.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

Netty, an asynchronous event-driven network application framework, contains an input validation flaw in its SslHandler component that affects versions 4.1.91.Final through versions prior to 4.1.118.Final. When a specially crafted packet is processed, the handler fails to perform correct validation in all cases, resulting in a native crash. The issue is tracked under CWE-20 and carries a CVSS 3.1 score of 7.5 reflecting high availability impact reachable over the network without authentication.

An unauthenticated remote attacker can exploit the vulnerability by sending a maliciously constructed TLS packet to any Netty-based application that uses the native SSLEngine path, causing the process to terminate and producing a denial-of-service condition. No privileges or user interaction are required, and the attack can be carried out over the network with low complexity.

The GitHub Security Advisory and accompanying commit indicate that version 4.1.118.Final contains the fix. As a workaround, operators can disable the native SSLEngine implementation or apply the validation changes manually; NetApp has also published an advisory referencing the same remediation steps. The associated EPSS score remains low, with only a modest increase between its current and peak values.

EU & UK References

Vulnerability details

Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases…

more

which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

The vulnerability enables remote exploitation of improper input validation in SslHandler to trigger a native crash, directly facilitating application or system exploitation for denial of service (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-1736Same product class: NAS / storage appliance
CVE-2025-1215Same product class: NAS / storage appliance
CVE-2025-0411Same product: Netapp Active Iq Unified Manager
CVE-2024-53693Same product class: NAS / storage appliance
CVE-2026-42583Same product: Netty Netty
CVE-2026-42582Same product: Netty Netty
CVE-2026-42587Same product: Netty Netty
CVE-2026-42577Same product: Netty Netty
CVE-2025-26512Same product class: NAS / storage appliance
CVE-2025-24928Same product: Netapp Active Iq Unified Manager

Affected Assets

netty
netty
4.1.91 — 4.1.118
netapp
active iq unified manager
all versions
netapp
oncommand insight
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires timely identification, reporting, and correction of flaws such as the improper input validation in Netty's SslHandler that leads to native crashes from crafted packets.

prevent

Mandates validation of information inputs like specially crafted SSL packets to ensure they are properly handled and prevent native crashes due to CWE-20 improper input validation.

prevent

Provides protection against denial-of-service events, limiting the availability impact of native crashes triggered by remote attackers sending crafted packets.

References