
CVE-2025-1634: io.quarkus:quarkus-resteasy: memory leak in Quarkus RESTEasy Classic when client requests time out

Description

A flaw was found in the quarkus-resteasy extension that causes memory leaks when client requests are made with low timeouts. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventually an application crash with an OutOfMemoryError.

Classification

CVE ID: CVE-2025-1634

Problem Types

Missing Release of Memory after Effective Lifetime

Affected Products

Vendor: Red Hat

Product: Red Hat build of Apache Camel for Quarkus, Red Hat build of Quarkus

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.07% (probability of being exploited)

EPSS Percentile: 18.67% (share of all scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-27 (date on which this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-1634
https://access.redhat.com/security/cve/CVE-2025-1634
https://bugzilla.redhat.com/show_bug.cgi?id=2347319
