akka-cluster-metrics uses Java serialization for cluster metrics · CVE-2025-53393 · GitHub Advisory Database · GitHub

akka-cluster-metrics uses Java serialization for cluster metrics

Moderate severity GitHub Reviewed Published Jun 29, 2025 to the GitHub Advisory Database • Updated Jun 30, 2025

Package

com.typesafe.akka:akka-cluster-metrics_2.13 (Maven)

Affected versions

<= 2.10.6

Patched versions

None

com.typesafe.akka:akka-cluster-metrics_3 (Maven)

<= 2.10.6

None

Description

In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics.

References

Published by the National Vulnerability Database

Jun 28, 2025

Published to the GitHub Advisory Database Jun 29, 2025

Reviewed Jun 30, 2025

Last updated Jun 30, 2025

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

High

Privileges required

Low

User interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L