Red Hat Security Advisory: Red Hat build of Quarkus 3.27.1.SP1 security update
Red Hat has released a security update for its build of Quarkus version 3. 27. 1. SP1 addressing three vulnerabilities: two in the lz4-java library involving information disclosure and denial of service via out-of-bounds memory operations, and one cross-site scripting vulnerability in Eclipse Vert. x web. These issues have been rated as important by Red Hat Product Security. The update is intended to fix these vulnerabilities and users are advised to apply it after ensuring all previous relevant errata are installed.
AI Analysis
Technical Summary
This security advisory covers three vulnerabilities fixed in Red Hat build of Quarkus 3.27.1.SP1: CVE-2025-66566, an information disclosure issue caused by insufficient output buffer clearing in lz4-java; CVE-2025-12183, an out-of-bounds memory operation in lz4-java leading to denial of service and information disclosure; and CVE-2025-11966, a cross-site scripting vulnerability in Eclipse Vert.x web. The advisory is issued by Red Hat Product Security and classified as important. No CVSS scores are provided, but the vulnerabilities affect memory safety and web security components within the Quarkus runtime environment.
Potential Impact
The vulnerabilities fixed in this update could allow attackers to cause denial of service and gain unauthorized access to information through memory handling flaws in the lz4-java library, as well as execute cross-site scripting attacks via the Eclipse Vert.x web component. These issues could impact applications built on the affected Quarkus version, potentially compromising confidentiality and availability.
Mitigation Recommendations
Red Hat has released an official security update for Red Hat build of Quarkus 3.27.1.SP1 that addresses these vulnerabilities. Users should apply this update after ensuring all previously released relevant errata have been applied. Detailed update instructions are available in the Red Hat advisory and documentation. No additional mitigation steps are indicated beyond applying the official update.
Red Hat Security Advisory: Red Hat build of Quarkus 3.27.1.SP1 security update
Description
Red Hat has released a security update for its build of Quarkus version 3. 27. 1. SP1 addressing three vulnerabilities: two in the lz4-java library involving information disclosure and denial of service via out-of-bounds memory operations, and one cross-site scripting vulnerability in Eclipse Vert. x web. These issues have been rated as important by Red Hat Product Security. The update is intended to fix these vulnerabilities and users are advised to apply it after ensuring all previous relevant errata are installed.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This security advisory covers three vulnerabilities fixed in Red Hat build of Quarkus 3.27.1.SP1: CVE-2025-66566, an information disclosure issue caused by insufficient output buffer clearing in lz4-java; CVE-2025-12183, an out-of-bounds memory operation in lz4-java leading to denial of service and information disclosure; and CVE-2025-11966, a cross-site scripting vulnerability in Eclipse Vert.x web. The advisory is issued by Red Hat Product Security and classified as important. No CVSS scores are provided, but the vulnerabilities affect memory safety and web security components within the Quarkus runtime environment.
Potential Impact
The vulnerabilities fixed in this update could allow attackers to cause denial of service and gain unauthorized access to information through memory handling flaws in the lz4-java library, as well as execute cross-site scripting attacks via the Eclipse Vert.x web component. These issues could impact applications built on the affected Quarkus version, potentially compromising confidentiality and availability.
Mitigation Recommendations
Red Hat has released an official security update for Red Hat build of Quarkus 3.27.1.SP1 that addresses these vulnerabilities. Users should apply this update after ensuring all previously released relevant errata have been applied. Detailed update instructions are available in the Red Hat advisory and documentation. No additional mitigation steps are indicated beyond applying the official update.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:0134
- Cve Count
- 3
- Additional Cves
- ["CVE-2025-12183","CVE-2025-66566"]
- Cvss Version
- null
Threat ID: 6a16098ae29bf47b506544b8
Added to database: 5/26/2026, 8:58:50 PM
Last enriched: 5/26/2026, 9:03:39 PM
Last updated: 5/26/2026, 10:01:59 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.