PT-2026-1858 · Red Hat · Quarkus

Published: 2026-01-07 · Updated: 2026-02-03 · CVE-2025-66560

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Quarkus versions prior to 3.31.0
Quarkus versions prior to 3.27.2
Quarkus versions prior to 3.20.5
Description
Quarkus is a Cloud Native framework for Java applications. A flaw exists in the response handling of the HTTP layer. When writing a response, the framework waits for the previous response chunks to be fully transmitted before continuing. If the client connection drops during this wait, the worker thread serving the request remains blocked indefinitely. Repeated occurrences exhaust the worker thread pool, causing performance degradation or application unavailability. A health check that monitors the state of the worker thread pool can detect this abnormal thread retention.
Recommendations
Update to Quarkus version 3.31.0 or later.
Update to Quarkus version 3.27.2 or later.
Update to Quarkus version 3.20.5 or later.
Implement a health check that monitors the status and saturation of the worker thread pool.
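The health check recommended above, written here as an added example that is not part of the advisory or of the Quarkus project: a MicroProfile Health readiness check that reports worker-pool saturation and goes DOWN when nearly all workers are busy. It assumes the worker pool is exposed as a java.util.concurrent.ThreadPoolExecutor bean (hypothetical wiring; Quarkus's own executor type is not assumed) and uses an assumed 90% threshold.

```java
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import org.eclipse.microprofile.health.HealthCheck;
import org.eclipse.microprofile.health.HealthCheckResponse;
import org.eclipse.microprofile.health.Readiness;

@Readiness
@ApplicationScoped
public class WorkerPoolHealthCheck implements HealthCheck {
    // Assumed threshold: report DOWN once 90% of the worker threads are busy.
    static final double SATURATION_THRESHOLD = 0.9;

    @Inject
    ThreadPoolExecutor workerPool; // hypothetical bean that exposes the worker pool

    // Busy fraction of the pool; a pool with no capacity counts as fully saturated.
    static double saturation(int active, int max) {
        return max <= 0 ? 1.0 : (double) active / max;
    }

    @Override
    public HealthCheckResponse call() {
        int active = workerPool.getActiveCount();
        int max = workerPool.getMaximumPoolSize();
        double s = saturation(active, max);
        var b = HealthCheckResponse.named("worker-pool")
            .withData("activeThreads", active)
            .withData("maxThreads", max)
            .withData("queuedTasks", workerPool.getQueue().size())
            .withData("saturation", String.format("%.2f", s));
        // Workers stuck on dropped connections keep the active count high while the
        // queue grows; reporting DOWN lets the orchestrator stop routing traffic here.
        return s >= SATURATION_THRESHOLD ? b.down().build() : b.up().build();
    }

    // Stand-alone demonstration on a constructed 4-thread pool whose workers all park on a
    // latch, standing in for threads blocked on abandoned responses.
    public static void main(String[] args) throws InterruptedException {
        ThreadPoolExecutor pool = new ThreadPoolExecutor(4, 4, 0, TimeUnit.SECONDS, new LinkedBlockingQueue<>());
        CountDownLatch release = new CountDownLatch(1);
        for (int i = 0; i < 6; i++) pool.execute(() -> { try { release.await(); } catch (InterruptedException e) { } });
        Thread.sleep(100); // give the 4 threads time to pick up work; 2 tasks remain queued
        WorkerPoolHealthCheck check = new WorkerPoolHealthCheck();
        check.workerPool = pool;
        System.out.println(check.call().getStatus() + " " + check.call().getData());
        release.countDown();
        pool.shutdown();
    }
}
```

Wired into the Quarkus SmallRye Health extension, the check is served on the readiness endpoint, so a pool drained by blocked workers is visible to the orchestrator before the application stops responding.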


Weakness Enumeration

Allocation of Resources Without Limits

Related Identifiers

CVE-2025-66560
GHSA-5RFX-CP42-P624

Affected Products

Quarkus