CVE-2025-1634— Io.quarkus:quarkus-resteasy: memory leak in quarkus resteasy classic when client requests timeout
I. Basic Information for CVE-2025-1634
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Io.quarkus:quarkus-resteasy: memory leak in quarkus resteasy classic when client requests timeout
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application crash due to OutOfMemoryError.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
在移除最后引用时对内存的释放不恰当(内存泄露)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Red Hat Quarkus 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Red Hat Quarkus是美国红帽(Red Hat)公司的一个无线网络。用于专门针对容器优化 Java,并使其成为无服务器、云和 Kubernetes 环境的高效平台。 Red Hat Quarkus存在安全漏洞,该漏洞源于客户端请求超时后未正确释放缓冲区,导致内存泄漏。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | - | 0 ~ 3.8.6 | - | |
| Red Hat | Red Hat Build of Apache Camel 4.8 for Quarkus 3.15 | - | cpe:/a:redhat:camel_quarkus:3.15 | |
| Red Hat | Red Hat build of Quarkus 3.15.3.SP1 | - | cpe:/a:redhat:quarkus:3.15::el8 | |
| Red Hat | Red Hat build of Quarkus 3.8.6.SP3 | - | cpe:/a:redhat:quarkus:3.8::el8 | |
| Red Hat | Streams for Apache Kafka 2.9.1 | - | cpe:/a:redhat:amq_streams:2.9::el9 | |
| Red Hat | Streams for Apache Kafka 3.0.0 | - | cpe:/a:redhat:amq_streams:3.0::el9 | |
| Red Hat | Streams for Apache Kafka 3.1.0 | - | cpe:/a:redhat:amq_streams:3.1::el9 | |
| Red Hat | Red Hat build of Quarkus | - | cpe:/a:redhat:quarkus:3 |
II. Public POCs for CVE-2025-1634
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-1634
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-401
- CVE-2026-43506
Prosody 安全漏洞 - CVE-2026-7379
Missing Release of Memory after Effective Lifetime in Wiresh - CVE-2026-40336
libgphoto2 has memory leak in ptp_unpack_Sony_DPD() secondar - CVE-2026-33775
Junos OS: MX Series: Mismatch between configured and receive - CVE-2026-33782
Junos OS: MX Series: In specific DHCPv6 scenarios jdhcpd mem
V. Comments for CVE-2025-1634
No comments yet