Security Advisory

CVE-2025-1247

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-02-13 13:26:26

Last updated 2026-03-23 16:52:29

Assigner redhat

State PUBLISHED

Description

A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information.

← Browse all CVEs View on cve.org ↗