CVE-2020-25633

CWE-209 | 11 documents | 8 sources
Severity: 5.3 MEDIUM
EPSS: 0.2% (top 54.45%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 18
Latest update: Jul 10

Description

A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (5 packages)

Maven | org.jboss.resteasy:resteasy-client | 4.0.0 | 4.5.7.Final | +1
CVEListV5 | red_hat/resteasy-client | through 4.5.6
NVD | redhat/resteasy | 4.5.0 | 4.5.6 | +1
NVD | quarkus/quarkus | 1.11.6

🔴 Vulnerability Details (5)

OSV: resteasy vulnerabilities (2025-03-13)
OSV: Generation of Error Message Containing Sensitive Information in RESTEasy client (2021-06-03)
GHSA: Generation of Error Message Containing Sensitive Information in RESTEasy client (2021-06-03)
OSV: CVE-2020-25633: A flaw was found in RESTEasy client in all versions of RESTEasy up to 4 (2020-09-18)
CVEList: CVE-2020-25633: A flaw was found in RESTEasy client in all versions of RESTEasy up to 4 (2020-09-18)

📋 Vendor Advisories (4)

Ubuntu: RESTEasy vulnerabilities (2025-07-10)
Ubuntu: RESTEasy vulnerabilities (2025-03-13)
Red Hat: resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling (2020-09-04)
Debian: CVE-2020-25633: resteasy - A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Fina... (2020)

💬 Community (1)

Bugzilla: CVE-2020-25633 resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling (2020-09-15)