๐Ÿ” CVE Alert

CVE-2025-9784

HIGH 7.5

Undertow: undertow madeyoureset http/2 ddos vulnerability

CVSS Score
7.5
EPSS Score
1.6%
EPSS Percentile
81th

A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).

CWE CWE-770
Published Sep 2, 2025
Last Updated Apr 1, 2026
Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new high vulnerabilities are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Affected Versions

Red Hat / Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
All versions affected
Red Hat / Red Hat build of Apache Camel - HawtIO 4
All versions affected
Red Hat / Red Hat Data Grid 8
All versions affected
Red Hat / Red Hat Enterprise Linux 10
All versions affected
Red Hat / Red Hat Enterprise Linux 8
All versions affected
Red Hat / Red Hat Enterprise Linux 8
All versions affected
Red Hat / Red Hat Enterprise Linux 9
All versions affected
Red Hat / Red Hat Fuse 7
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform 8
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform Expansion Pack
All versions affected
Red Hat / Red Hat JBoss Enterprise Application Platform Expansion Pack
All versions affected
Red Hat / Red Hat Process Automation 7
All versions affected
Red Hat / Red Hat Single Sign-On 7
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
access.redhat.com: https://access.redhat.com/errata/RHSA-2025:23143 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:0383 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:0384 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:0386 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3889 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3891 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3892 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4915 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4916 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4917 access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4924 access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-9784 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2392306 github.com: https://github.com/undertow-io/undertow/pull/1778 github.com: https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final issues.redhat.com: https://issues.redhat.com/browse/UNDERTOW-2598 kb.cert.org: https://kb.cert.org/vuls/id/767506 kb.cert.org: https://www.kb.cert.org/vuls/id/767506