Security Bulletin: IBM Event Streams is vulnerable to information disclosure (CVE-2025-49574)

Summary IBM Event Streams is vulnerable to information disclosure due to improper handling of Vert.x duplicated contexts in Quarkus. Vulnerability Details CVEID:CVE-2025-49574 DESCRIPTION: Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. In versions prior ...

CVE-2025-49574 vulnerabilities

Vulnerabilities for packages: knative-kafka-broker...

Security Bulletin: Multiple Vulnerabilities in IBM Event Processing

Summary Multiple vulnerabilities were addressed in IBM Event Processing version 1.4.5 Vulnerability Details CVEID:CVE-2025-30218 DESCRIPTION: Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which...

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for September 2025.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF005. These vulnerabilities have been also addressed in 25.0.0-IF001 and 24.0.0-IF004. Vulnerability Details CVEID:CVE-2025-48997 DESCRIPTION: Multer is a node.js middleware for handling...

CVE-2025-49574

A data leak vulnerability has been discovered in the io.quarkus:quarkus-vertx package. This flaw can lead to information disclosure if a Vert.x context that has already been duplicated is subsequently duplicated again. In such a scenario, sensitive data residing within that context may be...

CVE-2025-49574

creationtimestamp| type| source ---|---|--- 2025-06-23 20:47:31+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19268 2025-06-24 00:17:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lsct2h6s5c23...

ai.timefold.solver:timefold-solver-quarkus-benchmark-integration-test (>=1.19.0 <=1.23.0), ai.timefold.solver:timefold-solver-quarkus-devui-integration-test (>=1.19.0 <=1.23.0) +2787 more potentially affected by CVE-2025-49574 via io.vertx:vertx-core (>=4.5.12 <=4.5.15)

io.vertx:vertx-core MAVEN version =4.5.12, =1.19.0, =1.19.0, =1.19.0, =1.19.0, =1.19.0, =1.19.0, =24.9.7, =24.9.7, =24.9.7, =24.9.7, =24.9.7, =24.9.7, =24.9.7, =24.9.7, =24.9.7, =25.3.10 and more Source cves: CVE-2025-49574 Source advisory: SNYK:JAVA-IOVERTX-10495500...

CVE-2025-49574

Quarkus is a Cloud Native, Linux Container First framework for writing Java applications. In versions prior to 3.24.1, 3.20.2, and 3.15.6, there is a potential data leak when duplicating a duplicated context. Quarkus extensively uses the Vert.x duplicated context to implement context propagation...

ai.timefold.solver:timefold-solver-quarkus-benchmark-integration-test (>=0.8.38 <=1.15.0), ai.timefold.solver:timefold-solver-quarkus-devui-integration-test (>=0.8.38 <=1.15.0) +3074 more potentially affected by CVE-2025-49574 via io.quarkus:quarkus-vertx (>=0.11.0 <=3.15.5)

io.quarkus:quarkus-vertx MAVEN version =0.11.0, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.1.0-quarkus-3.15-RC2, =0.1.0-quarkus-3.15-RC2, =1.0.4, =1.0.4, =0.0.2-alpha, =0.0.3-alpha, =0.0.10-alpha, =1.3.0-alpha-0 - br.com.senior:seniorx-integration-parameters-api...