← back
CVE-2025-12543

Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf

CVSS 9.6 CRITICALEPSS 1.2%CWE-20
Vexday Risk Score
48Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
CVSS 9.6EPSS 1.2%KEV nãoPoC públicaNuclei Metasploit Patch referenciado
Lifecycle
07 Jan 2026Published on NVD
01 Apr 2026Public PoC
Recommendation: Plan a near-term fix — a public PoC already exists.
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
Affected products
Red Hat · Red Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11Red Hat · Red Hat build of Apache Camel - HawtIO 4Red Hat · Red Hat Data Grid 8Red Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Fuse 7Red Hat · Red Hat In-Vehicle Operating System 1Red Hat · Red Hat JBoss Enterprise Application PlatformRed Hat · Red Hat JBoss Enterprise Application Platform 7Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9Red Hat · Red Hat JBoss Enterprise Application Platform 8.0Red Hat · Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8Red Hat · Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9Red Hat · Red Hat JBoss Enterprise Application Platform 8.1Red Hat · Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8Red Hat · Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9Red Hat · Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat · Red Hat Process Automation 7Red Hat · Red Hat Single Sign-On 7
public PoCs found1
githubgithub.com/kavin71725/CVE-2025-12543-Fix-for-Wildfly0
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2026:0383https://access.redhat.com/errata/RHSA-2026:0384https://access.redhat.com/errata/RHSA-2026:0386https://access.redhat.com/errata/RHSA-2026:3889https://access.redhat.com/errata/RHSA-2026:3890https://access.redhat.com/errata/RHSA-2026:3891https://access.redhat.com/errata/RHSA-2026:3892https://access.redhat.com/errata/RHSA-2026:4915https://access.redhat.com/errata/RHSA-2026:4916https://access.redhat.com/errata/RHSA-2026:4917https://access.redhat.com/errata/RHSA-2026:4924https://access.redhat.com/security/cve/CVE-2025-12543