Description

A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developers provide custom REST endpoints, the default endpoints remain accessible, potentially allowing attackers to obtain a login cookie that has no corresponding user in the Quarkus application or, depending on how the application is written, could correspond to an existing user that has no relation with the current attacker, allowing anyone to log in as an existing user by just knowing that user's user name.

INFO

Published Date :

2025-05-06T19:49:16.502Z

Last Modified :

2025-11-20T07:12:24.461Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-12225 vulnerability.

Vendors Products
Quarkus
  • Quarkus
Redhat
  • Quarkus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-12225.

URL Resource
https://access.redhat.com/security/cve/CVE-2024-12225 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2330484 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-12225 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-12225 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact