CVE-2025-46548: Pekko Akka Management Auth Bypass
Using `toScala` from `scala.compat.java8` to convert a Java `CompletionStage` within a Pekko/Akka Management Java DSL authenticator causes an improper execution model mapping. This results in the authentication directive failing open, completely bypassing Basic Authentication. Use `.asScala` from `scala.jdk.FutureConverters` instead.
Provally CuratedPublic repositoryMediumMedium confidenceVerifiedApache-2.0
Scalaβ
Scalaβgreprules fetch cve-2025-46548-pekko-akka-management-auth-bypass --engine opengrepDescription
Using `toScala` from `scala.compat.java8` to convert a Java `CompletionStage` within a Pekko/Akka Management Java DSL authenticator causes an improper execution model mapping. This results in the authentication directive failing open, completely bypassing Basic Authentication. Use `.asScala` from `scala.jdk.FutureConverters` instead.
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0