{"url":"http://public2.vulnerablecode.io/api/packages/810507?format=json","purl":"pkg:maven/io.quarkus/quarkus-vertx@3.8.2","type":"maven","namespace":"io.quarkus","name":"quarkus-vertx","version":"3.8.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.15.6","latest_non_vulnerable_version":"3.24.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97722?format=json","vulnerability_id":"VCID-bfy1-jjy8-k3gr","summary":"Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. In versions prior to 3.24.1, 3.20.2, and 3.15.6, there is a potential data leak when duplicating a duplicated context. Quarkus extensively uses the Vert.x duplicated context to implement context propagation. With the new semantic data from one transaction can leak to the data from another transaction. From a Vert.x point of view, this new semantic clarifies the behavior. A significant amount of data is stored in the duplicated context, including request scope, security details, and metadata. Duplicating a duplicated context is rather rare and is only done in a few places. This issue has been patched in version 3.24.1, 3.20.2, and 3.15.6.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49574.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49574.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49574","reference_id":"","reference_type":"","scores":[{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31395","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31605","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31586","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-49574"},{"reference_url":"https://github.com/quarkusio/quarkus","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/quarkusio/quarkus"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49574","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-49574"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2374376","reference_id":"2374376","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2374376"},{"reference_url":"https://github.com/quarkusio/quarkus/commit/2b58f59f4bf0bae7d35b1abb585b65f2a66787d1","reference_id":"2b58f59f4bf0bae7d35b1abb585b65f2a66787d1","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-24T13:32:59Z/"}],"url":"https://github.com/quarkusio/quarkus/commit/2b58f59f4bf0bae7d35b1abb585b65f2a66787d1"},{"reference_url":"https://github.com/quarkusio/quarkus/commit/31e8a3bfcf4e223788615d5ce25eb929ca251275","reference_id":"31e8a3bfcf4e223788615d5ce25eb929ca251275","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-24T13:32:59Z/"}],"url":"https://github.com/quarkusio/quarkus/commit/31e8a3bfcf4e223788615d5ce25eb929ca251275"},{"reference_url":"https://github.com/quarkusio/quarkus/releases/tag/3.24.1","reference_id":"3.24.1","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-24T13:32:59Z/"}],"url":"https://github.com/quarkusio/quarkus/releases/tag/3.24.1"},{"reference_url":"https://github.com/quarkusio/quarkus/issues/48227","reference_id":"48227","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-24T13:32:59Z/"}],"url":"https://github.com/quarkusio/quarkus/issues/48227"},{"reference_url":"https://github.com/quarkusio/quarkus/pull/48486","reference_id":"48486","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-24T13:32:59Z/"}],"url":"https://github.com/quarkusio/quarkus/pull/48486"},{"reference_url":"https://github.com/quarkusio/quarkus/commit/d1ee57e7b826872b6355cfec0ae13465840e232c","reference_id":"d1ee57e7b826872b6355cfec0ae13465840e232c","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-24T13:32:59Z/"}],"url":"https://github.com/quarkusio/quarkus/commit/d1ee57e7b826872b6355cfec0ae13465840e232c"},{"reference_url":"https://github.com/advisories/GHSA-9623-mj7j-p9v4","reference_id":"GHSA-9623-mj7j-p9v4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9623-mj7j-p9v4"},{"reference_url":"https://github.com/quarkusio/quarkus/security/advisories/GHSA-9623-mj7j-p9v4","reference_id":"GHSA-9623-mj7j-p9v4","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-24T13:32:59Z/"}],"url":"https://github.com/quarkusio/quarkus/security/advisories/GHSA-9623-mj7j-p9v4"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12511","reference_id":"RHSA-2025:12511","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:12511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13010","reference_id":"RHSA-2025:13010","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13010"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13012","reference_id":"RHSA-2025:13012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23417","reference_id":"RHSA-2025:23417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23417"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/378792?format=json","purl":"pkg:maven/io.quarkus/quarkus-vertx@3.15.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-vertx@3.15.6"},{"url":"http://public2.vulnerablecode.io/api/packages/378793?format=json","purl":"pkg:maven/io.quarkus/quarkus-vertx@3.20.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-vertx@3.20.2"},{"url":"http://public2.vulnerablecode.io/api/packages/378794?format=json","purl":"pkg:maven/io.quarkus/quarkus-vertx@3.24.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-vertx@3.24.1"}],"aliases":["CVE-2025-49574","GHSA-9623-mj7j-p9v4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bfy1-jjy8-k3gr"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-vertx@3.8.2"}