GHSA-9699-gm7f-cmjv · Severity: medium · Ecosystem: maven — Unsynchronized Access to Shared Data in a Multithreaded Context in RESTEasy
A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected.
Conclusion & alert: CVE-2020-25724 is rated Low Risk (33.5/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.63%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.13% | 0.63% | +0.50% |
| 2 | 2025-03-30 | 0.45% | 0.13% | -0.32% |
| 3 | 2025-03-29 | — | 0.45% | — |
Full EPSS history (9 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 4.3 | 3.1 | MEDIUM |
|
2.8 | 1.4 | [email protected] |
| 4.0 | 2.0 | MEDIUM |
|
8.0 | 2.9 | [email protected] |
GHSA-9699-gm7f-cmjv · Severity: medium · Ecosystem: maven — Unsynchronized Access to Shared Data in a Multithreaded Context in RESTEasy
| vendor | priority | summary | link |
|---|---|---|---|
debian
|
unimportant | CVE-2020-25724 unimportant priority: Debian including 2 source packages (resteasy, resteasy3.0), 6 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 6. | https://security-tracker.debian.org/tracker/CVE-2020-25724 |
redhat
|
medium | — | https://access.redhat.com/security/cve/CVE-2020-25724 |
ubuntu
|
medium | CVE-2020-25724 medium priority: Ubuntu including 2 source packages (resteasy, resteasy3.0), 28 status rows across 14 suites (bionic, focal, groovy, hirsute, impish, jammy, kinetic, lunar, mantic, noble, oracular, trusty, upstream, xenial): ignored 12, not-affected 10, DNE 4, released 2. | https://ubuntu.com/security/CVE-2020-25724 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| redhat | resteasy | < 2.0.0 | cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:* |
| redhat | resteasy | 2.0.0 | cpe:2.3:a:redhat:resteasy:2.0.0:alpha1:*:*:*:*:*:* |
| redhat | resteasy | 2.0.0 | cpe:2.3:a:redhat:resteasy:2.0.0:alpha2:*:*:*:*:*:* |
| quarkus | quarkus | < 1.11.2 | cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1899354 | Issue Tracking Vendor Advisory |
| https://security.netapp.com/advisory/ntap-20210702-0003/ | Third Party Advisory |