PT-2025-26642 · Quarkus+1
Markusdlugi · Published 2025-06-23 · Updated 2025-11-01
CVE-2025-49574
CVSS v3.1: 6.4 (Medium)
Vector: AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
Quarkus versions prior to 3.24.0
Description:
Quarkus makes extensive use of the Vert.x duplicated context to implement context propagation, and a substantial amount of per-request state is stored in that context, including the request scope, security details, and metadata. When an already duplicated context is duplicated again, this state can leak from one transaction into another. Duplicating a duplicated context is rare and only happens in a few places in the codebase.
Recommendations:
For versions prior to 3.24.0, update to version 3.24.0 to resolve the issue. As a temporary workaround, consider restricting the use of context duplication to minimize the risk of data leakage.
Weakness Enumeration
Exposure of Resource to Wrong Sphere
Affected Products
Alt Linux
Quarkus