CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
CVE-2025-1247: Io.quarkus:quarkus-rest: quarkus rest endpoint request parameter leakage due to shared instance
Description
A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information.
Classification
CVE ID: CVE-2025-1247
Affected Products
Vendor: Red Hat
Product: Red Hat build of Apache Camel for Quarkus
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.05% (probability of being exploited)
EPSS Percentile: 18.39% (scored less or equal to compared to others)
EPSS Date: 2025-03-14 (when was this score calculated)
References
https://access.redhat.com/security/cve/CVE-2025-1247https://bugzilla.redhat.com/show_bug.cgi?id=2345172