High severity · 8.3 · GHSA Advisory · Published Feb 13, 2025 · Updated Apr 15, 2026

CVE-2025-1247

Description

A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| io.quarkus:quarkus-rest (Maven) | >= 3.16.0.CR1, < 3.18.2 | 3.18.2 |
| io.quarkus:quarkus-rest-deployment (Maven) | >= 3.16.0.CR1, < 3.18.2 | 3.18.2 |
| io.quarkus:quarkus-rest (Maven) | >= 3.9.0.CR1, < 3.15.3.1 | 3.15.3.1 |
| io.quarkus:quarkus-rest-deployment (Maven) | >= 3.9.0.CR1, < 3.15.3.1 | 3.15.3.1 |
| io.quarkus:quarkus-rest (Maven) | < 3.8.6.1 | 3.8.6.1 |
| io.quarkus:quarkus-rest-deployment (Maven) | < 3.8.6.1 | 3.8.6.1 |
