CVE-2025-1634

HIGH 7.5

Io.quarkus:quarkus-resteasy: memory leak in quarkus resteasy classic when client requests timeout

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application crash due to OutOfMemoryError.

CWE	CWE-401
Published	Feb 26, 2025
Last Updated	Dec 17, 2025

Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new high vulnerabilities are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected Versions

Red Hat / Red Hat Build of Apache Camel 4.8 for Quarkus 3.15

All versions affected

Red Hat / Red Hat build of Quarkus 3.15.3.SP1

All versions affected

Red Hat / Red Hat build of Quarkus 3.8.6.SP3

All versions affected

Red Hat / Streams for Apache Kafka 2.9.1

All versions affected

Red Hat / Streams for Apache Kafka 3.0.0

All versions affected

Red Hat / Streams for Apache Kafka 3.1.0

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

access.redhat.com: https://access.redhat.com/errata/RHSA-2025:12511 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1884 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:1885 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:2067 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:23417 access.redhat.com: https://access.redhat.com/errata/RHSA-2025:9922 access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-1634 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2347319