CVE-2025-12183 org.lz4:lz4-java Vulnerability in SiteMinder

Article ID: 423126

Products

SITEMINDER

Issue/Introduction

Is the Policy server admin UI impacted by CVE-2025-12183?

Environment

Policy server 12.9

Resolution

The reported CVE appears to affect only the handling of untrusted compressed input. The library is included in the WildFly modules, and the Admin UI's user console application deployed on WildFly does not use any compressed input, so we can consider this issue to have no effect.

There’s no option in the Admin UI to pass compressed input or to have it processed by the user console application using org.lz4:lz4-java 1.8.0, so we can treat it as having no impact on SiteMinder Admin UI functionality.
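
To confirm where the library sits in a given installation, the following added example (not part of the original article or of any vendor tooling) scans a directory tree, such as the WildFly installation hosting the Admin UI, and lists every archive that carries lz4-java, including copies bundled inside other jars or nested in a WAR/EAR. The class package `net/jpountz/lz4/` and the `lz4-java-<version>.jar` file naming are assumptions about how the library is packaged; the directory to scan is passed as an argument.

```python
import re
import sys
import zipfile
from pathlib import Path

LZ4_PACKAGE = "net/jpountz/lz4/"      # assumed class package of lz4-java
JAR_NAME = re.compile(r"^lz4-java-(\d[\w.\-]*)\.jar$")  # assumed file naming
ARCHIVES = {".jar", ".war", ".ear"}
PAGE_VERSION = "1.8.0"                # version named in this article


def scan_for_lz4(root):
    """Return (location, version or None, kind) for each lz4-java copy under root.

    kind is 'standalone' (the library jar itself), 'bundled' (lz4 classes
    inside a differently named archive) or 'nested' (library jar stored
    inside a WAR/EAR/JAR).
    """
    root = Path(root)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if path.suffix.lower() not in ARCHIVES:
            continue
        try:
            with zipfile.ZipFile(path) as zf:
                names = zf.namelist()
        except (zipfile.BadZipFile, OSError):
            continue  # unreadable or not a real archive; skip it
        rel = path.relative_to(root).as_posix()
        if any(n.startswith(LZ4_PACKAGE) and n.endswith(".class") for n in names):
            m = JAR_NAME.match(path.name)
            findings.append((rel, m.group(1) if m else None,
                             "standalone" if m else "bundled"))
        for n in names:
            m = JAR_NAME.match(n.rsplit("/", 1)[-1])
            if m:
                findings.append((f"{rel}!/{n}", m.group(1), "nested"))
    return findings


if __name__ == "__main__":
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for location, version, kind in scan_for_lz4(scan_root):
        note = "  <-- version named in the article" if version == PAGE_VERSION else ""
        print(f"{location}\t{version or 'unknown'}\t{kind}{note}")
```

A "bundled" hit with an unknown version needs manual review, since the file name alone does not reveal which lz4-java release was repackaged.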

Additional Information

No fix for this CVE is available as of now. A fix for the Policy Server Admin UI will be released once the fix is available.

https://access.redhat.com/security/cve/cve-2025-12183