CVE-2025-2517
CVE-2025-2517 is a low-severity vulnerability with a CVSS 4.0 base score of 2.3. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-672.
Key facts
- Severity: Low (CVSS 4.0 base score 2.3)
- EPSS exploit prediction: 0% (28th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-12373
- Weakness: CWE-672
- Published:
- Last modified:
Description
Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager.
Frequently asked questions
- What is CVE-2025-2517?
- Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager.
- How severe is CVE-2025-2517?
- CVE-2025-2517 has a CVSS 4.0 base score of 2.3, rated low severity.
- Is CVE-2025-2517 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (28th percentile), an estimate of the probability of exploitation in the next 30 days.
- How do I fix CVE-2025-2517?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2025-2517 have an EU (EUVD) identifier?
- Yes. CVE-2025-2517 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-12373.
- When was CVE-2025-2517 published?
- CVE-2025-2517 was published on 2025-04-21 and last updated on 2026-06-17.
References
Other CWE-672 (Operation on a Resource after Expiration or Release) vulnerabilities
- CVE-2023-41094 — Critical (CVSS 10.0): TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing…
- CVE-2020-24030 — Critical (CVSS 9.8): ForLogic Qualiex v1 and v3 has weak token expiration. This allows remote unauthenticated privilege escalation and…
- CVE-2020-12043 — Critical (CVSS 9.8): The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when configured for wireless networking the FTP…
- CVE-2019-17638 — Critical (CVSS 9.4): In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an…
- CVE-2013-10075 — Critical (CVSS 9.1): Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores…
- CVE-2022-22755 — High (CVSS 8.8): By using XSL Transforms, a malicious webserver could have served a user an XSL document that would continue to execute…
Browse all CWE-672 (Operation on a Resource after Expiration or Release) vulnerabilities →