CVE Alert: CVE-2024-12225
Vulnerability Summary: CVE-2024-12225
A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default endpoints remain accessible, potentially allowing attackers to obtain a login cookie that has no corresponding user in the Quarkus application or, depending on how the application is written, could correspond to an existing user that has no relation with the current attacker, allowing anyone to log in as an existing user by just knowing that user’s user name.
Affected Endpoints:
No affected endpoints listed.
Published Date:
5/6/2025, 8:15:25 PM
💀 CVSS Score:
Exploit Status:
Not ExploitedReferences:
- https://access.redhat.com/security/cve/CVE-2024-12225
- https://bugzilla.redhat.com/show_bug.cgi?id=2330484
Recommended Action:
No proposed action available. Please refer to vendor documentation for updates.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
