Data Leakage Vulnerability in Quarkus Java Framework
CVE-2025-49574
What is CVE-2025-49574?
The Quarkus framework, used to develop cloud-native Java applications, has a data leakage issue in versions before 3.24.0. The vulnerability arises when a duplicated context is itself duplicated, which can allow data from a new transaction to leak into the data of a previously existing transaction. This can expose sensitive information such as request scopes, security details, and metadata. Although duplicating a duplicated context is relatively rare, the implications for data integrity are significant. The issue has been patched in version 3.24.0.

Affected Version(s)
quarkus >= 3.21.0.CR1, < 3.24.1 < 3.21.0.CR1, 3.24.1
quarkus >= 3.16.0.CR1, < 3.20.2 < 3.16.0.CR1, 3.20.2
quarkus < 3.15.6 < 3.15.6
