Synced 16 Jun 2026 15:24 UTC Account

Is Quarkus 2.5.4 patched?

Red Hat · cycle 2.5 · end of life · Official site ↗
2.5.426/100End of life

Current stable (3.36.2): 100/100

Minimum safe version3.20.6.1

2.5.4 has 12 open critical-or-high vulnerabilities. Run 3.20.6.1 or later to clear them. See what 3.20.6.1 fixes →

Health score26/100
Open issues17
Exploited now0
Cycle 2.5 EOL2021-12-17
Latest release3.36.2

Summary iPlain-English security status for Quarkus 2.5.4, built from its CVEs, active-exploitation data, end-of-life date and latest release.

Quarkus 2.5.4 is part of the 2.5 release line. 17 known vulnerabilities affect it. The minimum safe version is 3.20.6.1 — upgrade to it or later to clear the open critical/high issues. The 2.5 line reached end-of-life on 2021-12-17, so it no longer receives security patches. The latest supported Quarkus release is 3.36.2.

Known issues affecting 2.5.4

Exploited first, then by exploitation probability.

CVE-2022-4116 CRITICAL EPSS 33% → fixed in 2.14.2 CVE-2021-2471 MEDIUM EPSS 7% → fixed in 2.6.0 CVE-2022-21724 HIGH EPSS 3% → fixed in 2.7.2 CVE-2022-42003 HIGH EPSS 3% → fixed in 2.13.3 CVE-2022-42004 HIGH EPSS 3% → fixed in 2.13.0 CVE-2022-21363 MEDIUM EPSS 1% → fixed in 2.7.0 CVE-2023-4853 HIGH EPSS 1% → fixed in 3.3.3 CVE-2022-0981 HIGH EPSS 1% → fixed in 2.7.1 CVE-2023-1584 HIGH EPSS 1% → fixed in 2.13.8 CVE-2023-6394 HIGH EPSS 1% → fixed in 3.6.0 CVE-2023-6267 HIGH EPSS 1% → fixed in 3.2.9 CVE-2022-4147 HIGH EPSS 1% → fixed in 2.14.2 CVE-2023-0044 MEDIUM EPSS 1% → fixed in 2.13.7 CVE-2025-66560 MEDIUM EPSS 0% → fixed in 3.31.0 CVE-2024-12225 CRITICAL EPSS 0% → fixed in 3.15.3.1 CVE-2026-39852 HIGH EPSS 0% → fixed in 3.35.2 CVE-2023-0481 LOW EPSS 0% → fixed in 2.16.1

Other Quarkus versions

Check another release line of Quarkus.

Quarkus 3.36.2Quarkus 3.35.4Quarkus 3.34.7Quarkus 3.33.2Quarkus 3.32.4Quarkus 3.31.4Quarkus 3.30.8Quarkus 3.29.4Quarkus 3.28.5Quarkus 3.27.4Quarkus 3.26.4Quarkus 3.25.4Quarkus 3.24.5Quarkus 3.23.4Quarkus 3.22.3Quarkus 3.21.4Quarkus 3.20.6.1Quarkus 3.19.4Quarkus 3.18.4Quarkus 3.17.8Quarkus 3.16.4Quarkus 3.15.7Quarkus 3.14.4Quarkus 3.13.3Quarkus 3.12.3Quarkus 3.11.3Quarkus 3.10.2Quarkus 3.9.5Quarkus 3.8.6.1Quarkus 3.7.4Quarkus 3.6.9Quarkus 3.5.3Quarkus 3.4.3Quarkus 3.3.3Quarkus 3.2.12Quarkus 3.1.3Quarkus 3.0.4Quarkus 2.16.12Quarkus 2.15.3Quarkus 2.14.3Quarkus 2.13.9Quarkus 2.12.3Quarkus 2.11.3Quarkus 2.10.4Quarkus 2.9.2Quarkus 2.8.3Quarkus 2.7.7Quarkus 2.6.3Quarkus 2.4.2Quarkus 2.3.1Quarkus 2.2.5Quarkus 2.1.4Quarkus 2.0.3Quarkus 1.13.7Quarkus 0.28.1

Frequently asked

Is Quarkus 2.5.4 patched?

Quarkus 2.5.4 is end-of-life and no longer receives security patches. Move to 3.36.2.

What version should I upgrade Quarkus 2.5.4 to?

Upgrade Quarkus 2.5.4 to at least 3.20.6.1 to clear its 12 open critical-or-high vulnerabilities.

When does Quarkus 2.5 reach end-of-life?

Quarkus 2.5 reached end-of-life on 2021-12-17 and no longer receives security patches.

What is the latest version of Quarkus?

The latest supported Quarkus release is 3.36.2.

Is Quarkus 2.5.4 still receiving security updates?

No — Quarkus 2.5.4 is on the 2.5 line, which reached end-of-life on 2021-12-17 and no longer receives security updates. Upgrade to 3.36.2 or later to stay supported.

Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against Red Hat's official advisory before you patch or upgrade — Quarkus official site ↗