CVE-2025-49574

Good to know:

Date: June 23, 2025

Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. Versions prior to 3.24.0 have a potential data leak when duplicating a duplicated context. Quarkus extensively uses the Vert.x duplicated context to implement context propagation. With the new semantic, data from one transaction can leak into the data of another transaction. From a Vert.x point of view, this new semantic clarifies the behavior. A significant amount of data is stored in the duplicated context, including request scope, security details, and metadata. Duplicating a duplicated context is rather rare and is only done in a few places. This issue has been patched in version 3.24.0.

Severity Score

Weakness Type (CWE)

Exposure of Resource to Wrong Sphere

CWE-668

Top Fix

Upgrade Version

Upgrade to version io.quarkus:quarkus-vertx:3.24.0 (https://github.com/quarkusio/quarkus.git)

CVSS v3.1

Base Score:
Attack Vector (AV): ADJACENT_NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): NONE
