Netty Codec Allows Remote Code Execution via Deserialization

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Netty Codec Allows Remote Code Execution via Deserialization

ROOT-APP-MAVEN-CVE-2025-58057

Summary

A security patch has been released for Netty Codec, a popular Java library used for network communication. If exploited, this vulnerability could allow attackers to run malicious code on your server, potentially leading to unauthorized access or data theft. We recommend updating to a patched version of Netty Codec to ensure the security of your application.

What to do

Update io.root.io.netty:netty-codec to version 4.1.118.Final-root.io.11.

Affected software

Vendor	Product	Affected versions	Fix available
–	io.root.io.netty:netty-codec	<= 4.1.118.Final-root.io.11	4.1.118.Final-root.io.11

Original title

CVE-2025-58057 in io.root.io.netty:netty-codec - Patched by Root

Original description

Root has patched CVE-2025-58057 in the io.root.io.netty:netty-codec package for Root:Maven. Multiple fixed versions available.

Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 9 Apr 2026