CVE-2025-49574 – Quarkus Vert.x Data Leak

June 23, 2025

CVE ID : CVE-2025-49574

Published : June 23, 2025, 8:15 p.m. | 5 hours, 46 minutes ago

Description : Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. In versions prior to 3.24.0, there is a potential data leak when duplicating a duplicated context. Quarkus extensively uses the Vert.x duplicated context to implement context propagation. With the new semantic data from one transaction can leak to the data from another transaction. From a Vert.x point of view, this new semantic clarifies the behavior. A significant amount of data is stored in the duplicated context, including request scope, security details, and metadata. Duplicating a duplicated context is rather rare and is only done in a few places. This issue has been patched in version 3.24.0.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-23092 – Mitel OpenScape Accounting Path Traversal Vulnerability

Next Article Notepad++ Vulnerability Let Attacker Gains Complete System Control – PoC Released

Highlights

CVE-2025-48871 – Apache HTTP Server Remote Code Execution Vulnerability

May 30, 2025

CVE ID : CVE-2025-48871

Published : May 30, 2025, 8:15 p.m. | 1 hour, 25 minutes ago

Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-47056. Reason: This candidate is a duplicate of CVE-2024-47056. Notes: All CVE users should reference CVE-2024-47056 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: One Last ID

9 Ways AI Code Generation in React.js Reduces Technical Debt for Product Teams

GitHub details upcoming changes to improve security in wake of Shai-Hulud worm in npm ecosystem

Syncfusion restructures Essential Studio into multiple different suites to provide greater flexibility for developers

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

DistroWatch Weekly, Issue 1140

A Stream-Oriented UI library for interactive web applications

A Stream-Oriented UI library for interactive web applications

billboard.js 3.17.0: ✨ New Axis Customization, Label Styling & Image Labels!

AEM and Cloudflare Workers: The Ultimate Duo for Blazing Fast Pages

Distribution Release: Kali Linux 2025.3

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

How I Configure Polybar to Customize My Linux Desktop

CVE-2025-49574 – Quarkus Vert.x Data Leak

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Prompt Engineering Cheat Sheet for GPT-5: Learn These Patterns for Solid Code Generation

CVE-2025-7660 – Map My Locations WordPress Stored Cross-Site Scripting Vulnerability

Radxa OS – Debian-based Linux distribution

Microsoft Teams now warns you before sharing sensitive info

CVE-2025-48871 – Apache HTTP Server Remote Code Execution Vulnerability

CVE-2025-46805 – Screen Privilege Escalation TOCTOU Vulnerability

CVE-2025-46235 – SKT Blocks – Gutenberg based Page Builder Cross-site Scripting

Beyond Aha Moments: Structuring Reasoning in Large Language Models

CVE-2025-49574 – Quarkus Vert.x Data Leak

Related Posts