PT-2025-26642 · Quarkus+1 · Quarkus+1

Markusdlugi · Published 2025-06-23 · Updated 2025-11-01 · CVE-2025-49574

CVSS v3.1: 6.4 (Medium)

Vector: AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Quarkus versions prior to 3.24.0
Description: The issue is related to a potential data leak when duplicating a duplicated context in Quarkus, which extensively uses the Vert.x duplicated context to implement context propagation. This can cause data from one transaction to leak into another. A significant amount of data is stored in the duplicated context, including request scope, security details, and metadata. Duplicating a duplicated context is rare and only occurs in a few places.
Recommendations: For versions prior to 3.24.0, update to version 3.24.0 to resolve the issue. As a temporary workaround, consider restricting the use of context duplication to minimize the risk of data leakage.

Exploit

Fix

Exposure of Resource to Wrong Sphere

Weakness Enumeration

Related identifiers

ALT-PU-2025-10780
ALT-PU-2025-13422
CVE-2025-49574
ECHO-49D8-EE3F-6DE3
GHSA-9623-MJ7J-P9V4

Affected products

Alt Linux
Quarkus