High severity (8.3) · GHSA Advisory · Published Feb 13, 2025 · Updated Apr 15, 2026
CVE-2025-1247
Description
A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information.
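As an added illustration (not code from the advisory or the Quarkus project; class, path and field names are hypothetical), the endpoint shape the description refers to, beside two ways to avoid it:

```java
// Added illustration of the pattern described in the advisory; not Quarkus project code.
// Assumes Quarkus 3.x (jakarta.* namespace) with the quarkus-rest extension.
import jakarta.enterprise.context.RequestScoped;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.QueryParam;

// VULNERABLE SHAPE: no CDI scope annotation, so Quarkus REST treats the resource as a
// singleton. The request parameter is injected into a field of that single instance,
// so concurrent requests race on the same field and one caller can observe (or act on)
// a value another caller supplied.
@Path("/profile-unsafe")
public class UnsafeProfileResource {
    @QueryParam("user")
    String user;          // one instance, one field, many concurrent requests

    @GET
    public String show() {
        return "profile of " + user;   // may be a different caller's value
    }
}

// HARDENED (1): declare a request scope, so each request gets its own instance
// and its own injected field.
@Path("/profile")
@RequestScoped
public class ProfileResource {
    @QueryParam("user")
    String user;

    @GET
    public String show() {
        return "profile of " + user;
    }
}

// HARDENED (2): avoid field injection altogether. Method parameters are bound
// per invocation regardless of the bean's scope, so a singleton is safe here.
@Path("/profile-param")
public class ProfileParamResource {
    @GET
    public String show(@QueryParam("user") String user) {
        return "profile of " + user;
    }
}
```

Upgrading to a patched version is still required; the hardened shapes above remove the shared-state condition on any version and are cheap to check for in a code review (field-level `@QueryParam`, `@HeaderParam`, `@PathParam` and similar on a resource class with no scope annotation).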
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| io.quarkus:quarkus-rest | Maven | >= 3.16.0.CR1, < 3.18.2 | 3.18.2 |
| io.quarkus:quarkus-rest-deployment | Maven | >= 3.16.0.CR1, < 3.18.2 | 3.18.2 |
| io.quarkus:quarkus-rest | Maven | >= 3.9.0.CR1, < 3.15.3.1 | 3.15.3.1 |
| io.quarkus:quarkus-rest-deployment | Maven | >= 3.9.0.CR1, < 3.15.3.1 | 3.15.3.1 |
| io.quarkus:quarkus-rest | Maven | < 3.8.6.1 | 3.8.6.1 |
| io.quarkus:quarkus-rest-deployment | Maven | < 3.8.6.1 | 3.8.6.1 |
Affected products (OSV coordinates, 16 packages; no CPE recorded for any of them)
- pkg:apk/chainguard/keycloak (range: < 26.1.3-r0)
- pkg:apk/chainguard/keycloak-bitnami-compat (range: < 26.1.3-r0)
- pkg:apk/chainguard/keycloak-bitnami-fips (range: < 26.1.3-r0)
- pkg:apk/chainguard/keycloak-compat (range: < 26.1.3-r0)
- pkg:apk/chainguard/keycloak-fips (range: < 26.1.3-r0)
- pkg:apk/chainguard/keycloak-fips-bitnami-compat (range: < 26.1.3-r0)
- pkg:apk/chainguard/keycloak-fips-policy-140-2 (range: < 26.1.3-r0)
- pkg:apk/chainguard/keycloak-fips-policy-140-3 (range: < 26.1.3-r0)
- pkg:apk/chainguard/keycloak-iamguarded-compat (range: < 26.1.3-r0)
- pkg:apk/chainguard/keycloak-iamguarded-fips (range: < 26.1.3-r0)
- pkg:apk/wolfi/keycloak (range: < 26.1.3-r0)
- pkg:apk/wolfi/keycloak-bitnami-compat (range: < 26.1.3-r0)
- pkg:apk/wolfi/keycloak-compat (range: < 26.1.3-r0)
- pkg:apk/wolfi/keycloak-iamguarded-compat (range: < 26.1.3-r0)
- pkg:maven/io.quarkus/quarkus-rest (range: >= 3.16.0.CR1, < 3.18.2)
- pkg:maven/io.quarkus/quarkus-rest-deployment (range: >= 3.16.0.CR1, < 3.18.2)
References (12)
- github.com/advisories/GHSA-phg3-gv66-q38x (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2025-1247 (GHSA, advisory)
- access.redhat.com/errata/RHSA-2025:1884 (NVD, web)
- access.redhat.com/errata/RHSA-2025:1885 (NVD, web)
- access.redhat.com/errata/RHSA-2025:2067 (NVD, web)
- access.redhat.com/security/cve/CVE-2025-1247 (NVD, web)
- bugzilla.redhat.com/show_bug.cgi (NVD, web)
- github.com/quarkusio/quarkus/commit/02ff9ed45c3928edf2a0f8b906543606fed7cd53 (GHSA, web)
- github.com/quarkusio/quarkus/commit/d8df15cec17dc5d085efc372d77cbef1341ae071 (GHSA, web)
- github.com/quarkusio/quarkus/commit/f42166ee7041ed09b7183d5dbf3ece2439b16676 (GHSA, web)
- github.com/quarkusio/quarkus/issues/45789 (NVD, web)
- quarkus.io/blog/cve-fixes-feb-2025 (GHSA, web)