CVE-2025-12543

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-12543
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.

9.6 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope CHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2026:0383 Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:0384 Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:0386 Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:3889 Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:3890 Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:3891 Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:3892 Vendor Advisory
https://access.redhat.com/security/cve/CVE-2025-12543 Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2408784 Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:build_of_apache_camel:*:*:*:*:*:spring_boot:*:*
cpe:2.3:a:redhat:data_grid:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:fuse:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
History

10 Mar 2026, 19:53

Type Values Removed Values Added
References () https://access.redhat.com/errata/RHSA-2026:0383 - () https://access.redhat.com/errata/RHSA-2026:0383 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2026:0384 - () https://access.redhat.com/errata/RHSA-2026:0384 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2026:0386 - () https://access.redhat.com/errata/RHSA-2026:0386 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2026:3889 - () https://access.redhat.com/errata/RHSA-2026:3889 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2026:3890 - () https://access.redhat.com/errata/RHSA-2026:3890 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2026:3891 - () https://access.redhat.com/errata/RHSA-2026:3891 - Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2026:3892 - () https://access.redhat.com/errata/RHSA-2026:3892 - Vendor Advisory
References () https://access.redhat.com/security/cve/CVE-2025-12543 - () https://access.redhat.com/security/cve/CVE-2025-12543 - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2408784 - () https://bugzilla.redhat.com/show_bug.cgi?id=2408784 - Issue Tracking, Vendor Advisory
First Time Redhat fuse
Redhat jboss Enterprise Application Platform Expansion Pack
Redhat build Of Apache Camel
Redhat data Grid
Redhat
Redhat process Automation
Redhat jboss Enterprise Application Platform
Redhat single Sign-on
Redhat undertow
CPE cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:build_of_apache_camel:*:*:*:*:*:spring_boot:*:*
cpe:2.3:a:redhat:fuse:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*
cpe:2.3:a:redhat:data_grid:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*

05 Mar 2026, 20:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:3889 -
  • () https://access.redhat.com/errata/RHSA-2026:3891 -
  • () https://access.redhat.com/errata/RHSA-2026:3892 -

05 Mar 2026, 15:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:3890 -

08 Jan 2026, 23:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:0383 -

08 Jan 2026, 17:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:0384 -
  • () https://access.redhat.com/errata/RHSA-2026:0386 -

07 Jan 2026, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2026-01-07 17:15

Updated : 2026-03-10 19:53

NVD link : CVE-2025-12543

Mitre link : CVE-2025-12543

CVE.ORG link : CVE-2025-12543

JSON object : View

Products Affected

redhat

  • single_sign-on
  • jboss_enterprise_application_platform
  • build_of_apache_camel
  • undertow
  • jboss_enterprise_application_platform_expansion_pack
  • process_automation
  • data_grid
  • fuse
CWE
CWE-20

Improper Input Validation