
CVE-2024-6875: Missing Release of Memory after Effective Lifetime

Severity: Medium
Published: Fri Mar 28 2025 (03/28/2025, 20:34:30 UTC)
Source: CVE

Description

A vulnerability was found in the Infinispan component in Red Hat Data Grid. The REST compare API may have a buffer leak and an out of memory error can occur when sending continual requests with large POST data to the REST API.

AI-Powered Analysis

Last updated: 07/05/2025, 17:55:26 UTC

Technical Analysis

CVE-2024-6875 is a medium severity vulnerability identified in the Infinispan component used within Red Hat Data Grid. The issue arises in the REST compare API, where a memory management flaw leads to a buffer leak. Specifically, when the API receives continual requests containing large POST data payloads, it fails to release allocated memory after its effective lifetime. This results in a gradual increase in memory consumption, potentially culminating in an out-of-memory (OOM) condition on the affected server. The vulnerability requires network access (AV:N), low attack complexity (AC:L), and low privileges (PR:L), but no user interaction (UI:N). The scope is unchanged (S:U), and the impact is limited to availability (A:H), with no effect on confidentiality or integrity. Although no exploits are currently reported in the wild, an authenticated attacker with network access could use the flaw to degrade or disrupt service availability by exhausting system memory. This could lead to denial of service (DoS) conditions, impacting applications that rely on Red Hat Data Grid for distributed caching or data grid services. The vulnerability was reserved in July 2024 and published in March 2025, with a CVSS v3.1 score of 6.5 indicating medium severity. No patches or mitigations are explicitly linked in the provided data, but remediation would typically involve applying vendor patches or updates that fix the memory leak in the REST compare API handling logic.

Potential Impact

For European organizations, the impact of CVE-2024-6875 can be significant, especially for enterprises relying on Red Hat Data Grid for critical data caching and distributed data management. An attacker exploiting this vulnerability could cause service outages or degraded performance due to memory exhaustion, affecting business continuity and availability of applications. This is particularly critical for sectors such as finance, telecommunications, healthcare, and government services where high availability and data grid performance are essential. The denial of service caused by memory leaks could disrupt real-time data processing, transactional systems, or cloud-native applications that depend on Infinispan. Additionally, organizations with strict uptime requirements or those operating in regulated environments may face compliance and operational risks if the vulnerability is exploited. While confidentiality and integrity are not directly impacted, the availability degradation could indirectly affect trust and operational reliability.

Mitigation Recommendations

To mitigate CVE-2024-6875, European organizations should:

1) Monitor and limit the size and frequency of POST requests to the REST compare API to reduce memory pressure.
2) Implement network-level access controls and authentication mechanisms to restrict access to the REST API only to trusted and authorized users or systems, minimizing exposure to potential attackers.
3) Apply any available patches or updates from Red Hat promptly once released to address the memory leak.
4) Employ resource monitoring and alerting on memory usage of Red Hat Data Grid instances to detect abnormal increases indicative of exploitation attempts.
5) Consider deploying rate limiting or API gateway solutions to throttle excessive or suspicious API requests.
6) Conduct regular security assessments and penetration testing focusing on API endpoints to identify and remediate similar resource exhaustion vulnerabilities.
7) In environments where patching is delayed, consider temporary workarounds such as restarting affected services periodically to release leaked memory, though this is not a long-term solution.
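Recommendations 1 and 5 above (capping POST body size and throttling request frequency to the compare API) can be enforced in a small admission gate placed in front of the Data Grid REST endpoint, for example inside an API gateway plugin or a reverse-proxy sidecar. The following is an added example written for this page; it is not Infinispan or Red Hat code. The request shape it matches (a POST carrying an `action=compare` query parameter), the size and rate limits, and the sample requests are all constructed assumptions and should be adjusted to the actual endpoint and legitimate traffic profile of the deployment.

```python
"""Admission gate for a cache REST API (added example; not Infinispan code).

Two controls run before a compare request reaches the backend:
  * a hard cap on Content-Length, so an oversized POST body is refused
    before any buffer is allocated for it;
  * a per-client token bucket, so a sustained stream of compare calls
    is throttled to a rate the server can release memory behind.
Rejections are recorded so they can feed the memory-usage alerting
suggested in recommendation 4.
"""

MAX_BODY_BYTES = 256 * 1024      # assumed cap; tune to real compare payloads
BUCKET_CAPACITY = 5              # assumed burst allowance per client
REFILL_PER_SECOND = 1.0          # assumed sustained rate per client


class TokenBucket:
    """Classic token bucket; time is injected so the logic is testable."""

    def __init__(self, now):
        self.tokens = float(BUCKET_CAPACITY)
        self.last = now

    def take(self, now):
        elapsed = max(0.0, now - self.last)
        self.tokens = min(BUCKET_CAPACITY, self.tokens + elapsed * REFILL_PER_SECOND)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def is_compare_request(method, path, query):
    # Assumed request shape: POST with an "action=compare" query parameter.
    # Replace with the exact routing used by the deployed REST version.
    return method.upper() == "POST" and "action=compare" in query.split("&")


class AdmissionGate:
    def __init__(self):
        self.buckets = {}       # client id -> TokenBucket
        self.rejections = []    # (time, client, reason) for alerting

    def admit(self, client, method, path, query, content_length, now):
        """Return (admitted, reason). Non-compare traffic passes untouched."""
        if not is_compare_request(method, path, query):
            return True, "not a compare request"
        if content_length is None:
            # Unbounded (chunked) bodies cannot be size-checked up front.
            return self._reject(client, "no Content-Length; refusing unbounded body", now)
        if content_length > MAX_BODY_BYTES:
            return self._reject(client, f"body {content_length} > cap {MAX_BODY_BYTES}", now)
        bucket = self.buckets.get(client)
        if bucket is None:
            bucket = self.buckets[client] = TokenBucket(now)
        if not bucket.take(now):
            return self._reject(client, "rate limit exceeded", now)
        return True, "admitted"

    def _reject(self, client, reason, now):
        self.rejections.append((now, client, reason))
        return False, reason


def replay(gate, requests):
    """Feed constructed requests through the gate; return (admitted, rejected)."""
    admitted = 0
    for req in requests:
        ok, _ = gate.admit(*req)
        admitted += int(ok)
    return admitted, len(requests) - admitted


# Constructed sample traffic: (client, method, path, query, content_length, time).
# One benign read, one small compare, one oversized compare, then a burst of
# eight small compares from the same client in 80 ms.
SAMPLE_REQUESTS = [
    ("10.0.0.5", "GET", "/rest/v2/caches/orders/k1", "", None, 0.0),
    ("10.0.0.5", "POST", "/rest/v2/caches/orders/k1", "action=compare", 512, 0.1),
    ("10.0.0.9", "POST", "/rest/v2/caches/orders/k1", "action=compare", 5 * 1024 * 1024, 0.2),
] + [
    ("10.0.0.9", "POST", "/rest/v2/caches/orders/k1", "action=compare", 1024, 0.3 + i * 0.01)
    for i in range(8)
]

if __name__ == "__main__":
    gate = AdmissionGate()
    print("admitted/rejected:", replay(gate, SAMPLE_REQUESTS))
    for when, client, reason in gate.rejections:
        print(f"t={when:.2f} {client}: {reason}")
```

The size check runs before the bucket is consulted so that an oversized body is refused without spending the client's rate budget, and the rejection log is what a monitoring pipeline would watch: a single client accumulating "rate limit exceeded" or oversized-body rejections against the compare endpoint is the traffic pattern this CVE describes, and is worth correlating with heap growth on the Data Grid node.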


Technical Details

Data Version: 5.1
Assigner Short Name: redhat
Date Reserved: 2024-07-18T05:05:19.468Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682d981cc4522896dcbda3c6

Added to database: 5/21/2025, 9:08:44 AM

Last enriched: 7/5/2025, 5:55:26 PM

Last updated: 8/19/2025, 10:41:20 AM
