CVE-2025-12543
Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf
CVSS Score
9.6
EPSS Score
0.0%
EPSS Percentile
0th
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.
| CWE | CWE-20 |
| Vendor | red hat |
| Product | red hat build of apache camel 4.14.4 for spring boot 3.5.11 |
| Published | Jan 7, 2026 |
| Last Updated | Apr 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for red hat red hat build of apache camel 4.14.4 for spring boot 3.5.11
Be the first to know when new critical vulnerabilities affecting red hat red hat build of apache camel 4.14.4 for spring boot 3.5.11 are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
Low
Affected Versions
Red Hat / Red Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.4
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected Red Hat / Red Hat build of Apache Camel - HawtIO 4
All versions affected Red Hat / Red Hat Data Grid 8
All versions affected Red Hat / Red Hat Enterprise Linux 10
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 8
All versions affected Red Hat / Red Hat Enterprise Linux 9
All versions affected Red Hat / Red Hat Fuse 7
All versions affected Red Hat / Red Hat JBoss Enterprise Application Platform Expansion Pack
All versions affected Red Hat / Red Hat Process Automation 7
All versions affected Red Hat / Red Hat Single Sign-On 7
All versions affected References
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:0383 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:0384 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:0386 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3889 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3890 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3891 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3892 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4915 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4916 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4917 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4924 access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-12543 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2408784
Credits
Red Hat would like to thank Ahmet Artuç for reporting this issue.