CVE-2025-53864 and telemetry-core/gson

[ftiercelin]

Hello,

telemetry-core:jar:0.17.0 is said to be vulnerable to CVE-2025-53864 through a shaded dependency on com.google.code.gson:gson:2.8.9

Is this CVE confirmed by NewRelic and if confirmed: is there any plan on addressing it?

Thanks

[Newrelic-Boomi]

https://new-relic.atlassian.net/browse/NR-444206