CVE-2025-12543 - Vulnerability Details

CVE-2025-12543 - Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00095.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Redhat Subscribe	Apache Camel Hawtio Subscribe Camel Spring Boot Subscribe Enterprise Linux Subscribe Jboss Data Grid Subscribe Jboss Enterprise Application Platform Subscribe Jboss Enterprise Bpms Platform Subscribe Jboss Fuse Subscribe Jbosseapxp Subscribe Red Hat Single Sign On Subscribe

No data.

Advisories

Source	ID	Title
Github GHSA	GHSA-j382-5jj3-vw4j	Undertow HTTP server core doesn't properly validate the Host header in incoming HTTP requests

Fixes

Solution

No solution given by the vendor.

Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use, applicability, or stability.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2026:0383
https://access.redhat.com/errata/RHSA-2026:0384
https://access.redhat.com/errata/RHSA-2026:0386
https://access.redhat.com/security/cve/CVE-2025-12543
https://bugzilla.redhat.com/show_bug.cgi?id=2408784
https://nvd.nist.gov/vuln/detail/CVE-2025-12543
https://www.cve.org/CVERecord?id=CVE-2025-12543

History

Thu, 08 Jan 2026 22:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el8
References		https://access.redhat.com/errata/RHSA-2026:0383

Thu, 08 Jan 2026 17:15:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/a:redhat:jboss_enterprise_application_platform:8~~	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.1::el9
References		https://access.redhat.com/errata/RHSA-2026:0384 https://access.redhat.com/errata/RHSA-2026:0386

Thu, 08 Jan 2026 00:15:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-12543 https://www.cve.org/CVERecord?id=CVE-2025-12543
Metrics	threat_severity `None`	threat_severity `Important`

Wed, 07 Jan 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 07 Jan 2026 16:30:00 +0000

Type	Values Removed	Values Added
Description		A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.
Title		Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf
First Time appeared		Redhat Redhat apache Camel Hawtio Redhat camel Spring Boot Redhat enterprise Linux Redhat jboss Data Grid Redhat jboss Enterprise Application Platform Redhat jboss Enterprise Bpms Platform Redhat jboss Fuse Redhat jbosseapxp Redhat red Hat Single Sign On
Weaknesses		CWE-20
CPEs		cpe:/a:redhat:apache_camel_hawtio:4 cpe:/a:redhat:camel_spring_boot:4 cpe:/a:redhat:jboss_data_grid:8 cpe:/a:redhat:jboss_enterprise_application_platform:7 cpe:/a:redhat:jboss_enterprise_application_platform:8 cpe:/a:redhat:jboss_enterprise_bpms_platform:7 cpe:/a:redhat:jboss_fuse:7 cpe:/a:redhat:jbosseapxp cpe:/a:redhat:red_hat_single_sign_on:7 cpe:/o:redhat:enterprise_linux:10 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat apache Camel Hawtio Redhat camel Spring Boot Redhat enterprise Linux Redhat jboss Data Grid Redhat jboss Enterprise Application Platform Redhat jboss Enterprise Bpms Platform Redhat jboss Fuse Redhat jbosseapxp Redhat red Hat Single Sign On
References		https://access.redhat.com/security/cve/CVE-2025-12543 https://bugzilla.redhat.com/show_bug.cgi?id=2408784
Metrics		cvssV3_1 `{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L'}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2026-01-07T16:04:22.155Z

Updated: 2026-01-08T22:28:18.105Z

Reserved: 2025-10-31T06:48:03.659Z

Link: CVE-2025-12543

Vulnrichment

Updated: 2026-01-07T16:35:51.149Z

NVD

Status : Awaiting Analysis

Published: 2026-01-07T17:15:55.093

Modified: 2026-01-08T23:15:42.690

Link: CVE-2025-12543

Redhat

Severity : Important

Publid Date: 2026-01-07T00:00:00Z

Links: CVE-2025-12543 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-20

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object