Akka Management API Basic Authentication Is Not Effective

Date

2025-06-03

CVE

CVE-2025-46548

Description of Vulnerability

If you enable Basic Authentication in Akka Management using the Java DSL, the authenticator may not be properly applied. Users who rely on this authentication, rather than ensuring that the Management API ports are reachable only by trusted users, are advised to upgrade to version 1.6.1, which fixes this issue.

Severity

The CVSS score of this vulnerability is 6.5, based on vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).

Impact

Improper Authentication.

Resolution

Authentication properly applied.

Affected versions

  • All Akka Management versions prior to 1.6.1

Fixed versions

  • Akka Management 1.6.1
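
To confirm on your own deployment that the authenticator is actually applied after upgrading, the following check sends an anonymous request and a request with deliberately invalid credentials to a management route and reports any response other than a 401 with a Basic challenge. It is an added example, not code from the Akka project; the route URL is supplied by the operator, and the expectation of a `WWW-Authenticate: Basic` challenge on rejection is an assumption based on standard HTTP Basic authentication behaviour.

```python
import base64
import sys
import urllib.error
import urllib.request

# Connect directly; management ports are normally internal, so ignore proxy env vars.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def probe(url, credentials=None, timeout=5.0):
    """Send one GET and return (status code, WWW-Authenticate header or None)."""
    req = urllib.request.Request(url)
    if credentials is not None:
        token = base64.b64encode(":".join(credentials).encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    try:
        with OPENER.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("WWW-Authenticate")
    except urllib.error.HTTPError as err:  # 4xx/5xx arrive as exceptions
        return err.code, err.headers.get("WWW-Authenticate")


def auth_findings(url, bogus=("invalid-user", "invalid-password")):
    """Return a list of problems; an empty list means Basic auth is enforced."""
    findings = []
    for label, creds in (("anonymous", None), ("bogus credentials", bogus)):
        status, challenge = probe(url, creds)
        if status != 401:
            findings.append(f"{label}: expected 401, got {status}")
        elif not (challenge or "").lower().startswith("basic"):
            findings.append(f"{label}: 401 without a Basic challenge")
    return findings


if __name__ == "__main__":
    # Usage: python check_mgmt_auth.py <management route URL> [...]
    failed = False
    for target in sys.argv[1:]:
        problems = auth_findings(target)
        failed = failed or bool(problems)
        print(target, "OK" if not problems else "; ".join(problems))
    sys.exit(1 if failed else 0)
```

Run it against every management route you expose; a non-zero exit code means at least one route answered without demanding valid credentials.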