← voltar
CVE-2025-12543

Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf

CVSS 9.6 CRITICALEPSS 1.2%CWE-20
Vexday Risk Score
48Atenção
Decisão SSVC (CISA)
Attend
PoC disponível → acompanhar de perto
CVSS 9.6EPSS 1.2%KEV nãoPoC públicaNuclei Metasploit Patch referenciado
Ciclo de vida
07 jan 2026Publicada no NVD
01 abr 2026PoC pública
Recomendação: Planejar correção próxima — já existe PoC pública.
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
Produtos afetados
Red Hat · Red Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11Red Hat · Red Hat build of Apache Camel - HawtIO 4Red Hat · Red Hat Data Grid 8Red Hat · Red Hat Enterprise Linux 10Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Fuse 7Red Hat · Red Hat In-Vehicle Operating System 1Red Hat · Red Hat JBoss Enterprise Application PlatformRed Hat · Red Hat JBoss Enterprise Application Platform 7Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8Red Hat · Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9Red Hat · Red Hat JBoss Enterprise Application Platform 8.0Red Hat · Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8Red Hat · Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9Red Hat · Red Hat JBoss Enterprise Application Platform 8.1Red Hat · Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8Red Hat · Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9Red Hat · Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat · Red Hat Process Automation 7Red Hat · Red Hat Single Sign-On 7
PoCs públicas encontradas1
githubgithub.com/kavin71725/CVE-2025-12543-Fix-for-Wildfly0
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://access.redhat.com/errata/RHSA-2026:0383https://access.redhat.com/errata/RHSA-2026:0384https://access.redhat.com/errata/RHSA-2026:0386https://access.redhat.com/errata/RHSA-2026:3889https://access.redhat.com/errata/RHSA-2026:3890https://access.redhat.com/errata/RHSA-2026:3891https://access.redhat.com/errata/RHSA-2026:3892https://access.redhat.com/errata/RHSA-2026:4915https://access.redhat.com/errata/RHSA-2026:4916https://access.redhat.com/errata/RHSA-2026:4917https://access.redhat.com/errata/RHSA-2026:4924https://access.redhat.com/security/cve/CVE-2025-12543