Akka Cluster Metrics Java Serialization Vulnerability

Vulnerability

Akka versions through 2.10.6 are affected by a vulnerability in which the cluster metrics module improperly uses Java serialization for metrics data. This can lead to serialization errors, particularly during rolling updates, although such errors are expected to resolve once the update process is complete.

Impact

The use of Java serialization for cluster metrics could cause serialization errors, especially during rolling updates, potentially disrupting the update process.

Remediation

Upgrade to Akka version 2.10.7 or later, where this vulnerability has been addressed.

Added: Jun 28, 2025, 11:20 PM
Updated: Jun 28, 2025, 11:20 PM

Vulnerability Rating

Custom Algorithm

spread: 4.2
impact: 0.6
exploitability: 3.3
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.