CVE-2025-53393
Published Jun 28, 2025
In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics.
Affected Software
3 affected components
Akka akka-cluster-metrics<=2.10.6
maven/com.typesafe.akka:akka-cluster-metrics_2.13<=2.10.6
maven/com.typesafe.akka:akka-cluster-metrics_3<=2.10.6
Event History
Jun 28, 2025
CVE Published via MITRE · 12:00 AM
Data Sourced via MITRE · 12:00 AM (Description, Severity, Weakness)
Data Sourced via NVD · 11:15 PM (Description, Severity, Weakness)
Jun 29, 2025
Advisory Published via GitHub · 12:30 AM
Data Sourced via GitHub · 12:30 AM (Description, Severity, Weakness, Affected Software)
Frequently Asked Questions
1. What is the severity of CVE-2025-53393?
The severity of CVE-2025-53393 is classified as high due to its reliance on Java serialization, which can lead to security vulnerabilities in Akka cluster metrics.
2. How do I fix CVE-2025-53393?
To fix CVE-2025-53393, upgrade akka-cluster-metrics to a version higher than 2.10.6 where the issue has been addressed.
3. What systems are affected by CVE-2025-53393?
CVE-2025-53393 affects systems using Akka akka-cluster-metrics up to version 2.10.6.
4. Is there a workaround for CVE-2025-53393?
A temporary workaround for CVE-2025-53393 includes disabling the use of certain metrics until an upgrade can be applied.
5. What are the risks of not addressing CVE-2025-53393?
Not addressing CVE-2025-53393 may expose your application to security risks such as remote code execution or unauthorized access to sensitive metrics.