Red Hat Security Advisory: Streams for Apache Kafka 3.0.1 release and security update
Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat Streams for Apache Kafka 3.0.1 serves as a replacement for Red Hat Streams for Apache Kafka 3.0.0, and includes security and bug fixes, and enhancements. * Cruise Control, Drain Cleaner: Netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability [amq-st-3.0] "(CVE-2025-55163)" * Kafka: org.apache.commons:commons-lang3 : Uncontrolled Recursion [amq-st-3.0] "(CVE-2025-48924)"
AI Analysis
Technical Summary
Red Hat Streams for Apache Kafka 3.0.1 is a security update replacing version 3.0.0, addressing two vulnerabilities: CVE-2025-48924, an uncontrolled recursion vulnerability in the Apache Commons Lang3 library used by Kafka, and CVE-2025-55163, a denial-of-service vulnerability in the Netty HTTP/2 codec (netty-codec-http2) known as 'Netty MadeYouReset'. These vulnerabilities could potentially impact the stability and availability of the Kafka streaming platform. Red Hat rates the update as having a Moderate security impact. The advisory recommends applying this update after ensuring all previous errata are applied. No exploits are known in the wild at the time of the advisory.
Potential Impact
The vulnerabilities addressed could lead to denial-of-service conditions: CVE-2025-48924 involves uncontrolled recursion in Apache Commons Lang3, potentially causing application instability or crashes. CVE-2025-55163 is an HTTP/2 DDoS vulnerability in Netty's codec that could allow attackers to disrupt service availability. The overall impact is a potential degradation or interruption of Kafka streaming services relying on these components.
Mitigation Recommendations
Red Hat has released Streams for Apache Kafka 3.0.1 as a replacement for version 3.0.0, which includes fixes for these vulnerabilities. Users should apply this update after ensuring all previously released errata relevant to their system have been applied. Detailed update instructions are available at the Red Hat Customer Portal. No additional mitigations are specified or required beyond applying this official update.
Red Hat Security Advisory: Streams for Apache Kafka 3.0.1 release and security update
Description
Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat Streams for Apache Kafka 3.0.1 serves as a replacement for Red Hat Streams for Apache Kafka 3.0.0, and includes security and bug fixes, and enhancements. * Cruise Control, Drain Cleaner: Netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability [amq-st-3.0] "(CVE-2025-55163)" * Kafka: org.apache.commons:commons-lang3 : Uncontrolled Recursion [amq-st-3.0] "(CVE-2025-48924)"
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Red Hat Streams for Apache Kafka 3.0.1 is a security update replacing version 3.0.0, addressing two vulnerabilities: CVE-2025-48924, an uncontrolled recursion vulnerability in the Apache Commons Lang3 library used by Kafka, and CVE-2025-55163, a denial-of-service vulnerability in the Netty HTTP/2 codec (netty-codec-http2) known as 'Netty MadeYouReset'. These vulnerabilities could potentially impact the stability and availability of the Kafka streaming platform. Red Hat rates the update as having a Moderate security impact. The advisory recommends applying this update after ensuring all previous errata are applied. No exploits are known in the wild at the time of the advisory.
Potential Impact
The vulnerabilities addressed could lead to denial-of-service conditions: CVE-2025-48924 involves uncontrolled recursion in Apache Commons Lang3, potentially causing application instability or crashes. CVE-2025-55163 is an HTTP/2 DDoS vulnerability in Netty's codec that could allow attackers to disrupt service availability. The overall impact is a potential degradation or interruption of Kafka streaming services relying on these components.
Mitigation Recommendations
Red Hat has released Streams for Apache Kafka 3.0.1 as a replacement for version 3.0.0, which includes fixes for these vulnerabilities. Users should apply this update after ensuring all previously released errata relevant to their system have been applied. Detailed update instructions are available at the Red Hat Customer Portal. No additional mitigations are specified or required beyond applying this official update.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:16407
- Cve Count
- 2
- Additional Cves
- ["CVE-2025-55163"]
- Cvss Version
- null
Threat ID: 6a294d7e8dd33fbd853ac709
Added to database: 6/10/2026, 11:41:50 AM
Last enriched: 6/10/2026, 12:00:58 PM
Last updated: 6/10/2026, 2:57:30 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.