CVE-2025-1634: io.quarkus:quarkus-resteasy: Memory Leak in Quarkus RESTEasy Classic When Client Requests Timeout
A flaw was found in the quarkus-resteasy extension that causes memory leaks when client requests are made with low timeouts. If a client request times out, a buffer is not released correctly, leading to increased memory usage and an eventual application crash due to OutOfMemoryError.
References
- access.redhat.com/security/cve/CVE-2025-1634
- bugzilla.redhat.com/show_bug.cgi?id=2347319
- github.com/advisories/GHSA-4fwr-mh5q-hchh
- github.com/quarkusio/quarkus
- github.com/quarkusio/quarkus/commit/80b8eb41678cdccb46e964dc324d048a5ef00f4b
- github.com/quarkusio/quarkus/issues/46412
- nvd.nist.gov/vuln/detail/CVE-2025-1634