Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-1247

Good to know:

icon
icon

Date: February 13, 2025

A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information.

Severity Score

Related Resources (13)

https://access.redhat.com/security/cve/CVE-2025-1247
https://access.redhat.com/errata/RHSA-2025:2067
https://github.com/quarkusio/quarkus/issues/45789
https://github.com/quarkusio/quarkus/commit/d8df15cec17dc5d085efc372d77cbef1341ae071
https://quarkus.io/blog/cve-fixes-feb-2025
https://bugzilla.redhat.com/show_bug.cgi?id=2345172
https://github.com/quarkusio/quarkus
https://access.redhat.com/errata/RHSA-2025:1884
https://github.com/quarkusio/quarkus/commit/02ff9ed45c3928edf2a0f8b906543606fed7cd53
https://access.redhat.com/errata/RHSA-2025:1885
https://nvd.nist.gov/vuln/detail/CVE-2025-1247
https://github.com/quarkusio/quarkus/commit/f42166ee7041ed09b7183d5dbf3ece2439b16676
https://www.mend.io/vulnerability-database/CVE-2025-1247

Severity Score

Weakness Type (CWE)

Exposure of Data Element to Wrong Session

CWE-488

Top Fix

icon

Upgrade Version

Upgrade to version io.quarkus:quarkus-rest-deployment:3.18.2;io.quarkus:quarkus-rest-deployment:3.15.3.1;io.quarkus:quarkus-rest:3.18.2;io.quarkus:quarkus-rest:3.15.3.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): LOW

Do you need more information?

Contact Us