Summaryinfo

A vulnerability, which was classified as problematic, was found in Akka up to 2.10.6. The affected element is an unknown function of the component Cluster Metrics Handler. Executing a manipulation can lead to deserialization. This vulnerability is handled as CVE-2025-53393. The attack can be executed remotely. There is not any exploit available. A patch should be applied to remediate this issue.

Detailsinfo

A vulnerability was found in Akka up to 2.10.6. It has been declared as problematic. This vulnerability affects some unknown functionality of the component Cluster Metrics Handler. The manipulation with an unknown input leads to a deserialization vulnerability. The CWE definition for the vulnerability is CWE-502. The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:

In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics.

The advisory is available at github.com. This vulnerability was named CVE-2025-53393 since 06/28/2025. The exploitation appears to be difficult. The attack can be initiated remotely. The technical details are unknown and an exploit is not available.

Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2025-19463). Once again VulDB remains the best source for vulnerability data.

Productinfo

Name

• Akka

Version

• 2.10.0
• 2.10.1
• 2.10.2
• 2.10.3
• 2.10.4
• 2.10.5
• 2.10.6

Website

• Product: https://github.com/akka/akka/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion