CVE-2025-1247

A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt