CVE-2025-1634: Missing Release of Memory after Effective Lifetime
A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application crash due to OutOfMemoryError.
AI Analysis
Technical Summary
The vulnerability CVE-2025-1634 exists in the quarkus-resteasy extension where memory buffers are not released correctly after client request timeouts. This leads to memory leaks that can accumulate, resulting in an OutOfMemoryError and application crash. The issue is triggered by client requests with low timeout values. Red Hat has acknowledged this vulnerability and issued security advisories with patches for their builds of Quarkus, including version 3.8.6.SP3. The CVSS v3.1 base score is 7.5, indicating high severity, with an impact limited to availability (application crash) and no confidentiality or integrity impact reported.
Potential Impact
The vulnerability causes a denial-of-service condition through memory exhaustion when client requests time out, leading to application crashes due to OutOfMemoryError. There is no reported impact on confidentiality or integrity. No known exploits in the wild have been reported. The affected software is Red Hat builds of Quarkus, specifically the quarkus-resteasy extension.
Mitigation Recommendations
Red Hat has released official security updates that fix this memory leak vulnerability in their builds of Quarkus, including version 3.8.6.SP3. Users should apply these updates following Red Hat's guidance to remediate the issue. Before applying the update, ensure all previously released errata relevant to your system are applied. No additional mitigation steps are indicated by the vendor advisory.
Technical Details
- Data Version: 5.1
- Assigner Short Name: redhat
- Date Reserved: 2025-02-24T14:23:22.369Z
- CVSS Version: 3.1
- State: PUBLISHED
- Vendor Advisory URLs (Red Hat):
  - https://access.redhat.com/errata/RHSA-2025:12511
  - https://access.redhat.com/errata/RHSA-2025:1884
  - https://access.redhat.com/errata/RHSA-2025:1885
  - https://access.redhat.com/errata/RHSA-2025:2067
  - https://access.redhat.com/errata/RHSA-2025:23417
  - https://access.redhat.com/errata/RHSA-2025:9922
  - https://access.redhat.com/security/cve/CVE-2025-1634
Threat ID: 68629a946f40f0eb728bd83d
Added to database: 6/30/2025, 2:09:24 PM
Last enriched: 5/7/2026, 1:44:50 AM
Last updated: 5/9/2026, 7:45:50 AM