CVE-2025-12543 PUBLISHED

Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf

Assigner: redhat
Reserved: 31.10.2025 Published: 07.01.2026 Updated: 09.01.2026

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
CVSS Score: 9.6

Attack Vector	Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	Required	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 8.1
Versions	Default: unaffected

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
Versions	Default: affected unaffected from 0:4.0.10-1.redhat_00001.1.el8eap to * (excl.)

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
Versions	Default: affected unaffected from 0:1.82.0-1.redhat_00001.1.el8eap to * (excl.)

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
Versions	Default: affected unaffected from 0:801.3.0-1.GA_redhat_00001.1.el8eap to * (excl.)

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
Versions	Default: affected unaffected from 0:1.0.1-3.redhat_00003.1.el8eap to * (excl.)

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
Versions	Default: affected unaffected from 0:6.6.36-1.Final_redhat_00001.1.el8eap to * (excl.)

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
Versions	Default: affected unaffected from 0:4.0.2-1.Final_redhat_00001.1.el8eap to * (excl.)

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
Versions	Default: affected unaffected from 0:2.5.0-1.redhat_00001.1.el8eap to * (excl.)

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
Versions	Default: affected unaffected from 0:2.3.20-2.SP4_redhat_00001.1.el8eap to * (excl.)

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
Versions	Default: affected unaffected from 0:8.1.3-4.GA_redhat_00006.1.el8eap to * (excl.)

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
Versions	Default: affected unaffected from 0:5.0.12-1.Final_redhat_00001.1.el8eap to * (excl.)

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
Versions	Default: affected unaffected from 0:2.6.6-1.Final_redhat_00001.1.el8eap to * (excl.)

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8
Versions	Default: affected unaffected from 0:8.1.1-4.GA_redhat_00007.1.el8eap to * (excl.)

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
Versions	Default: affected unaffected from 0:4.0.10-1.redhat_00001.1.el9eap to * (excl.)

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
Versions	Default: affected unaffected from 0:1.82.0-1.redhat_00001.1.el9eap to * (excl.)

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
Versions	Default: affected unaffected from 0:801.3.0-1.GA_redhat_00001.1.el9eap to * (excl.)

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
Versions	Default: affected unaffected from 0:1.0.1-3.redhat_00003.1.el9eap to * (excl.)

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
Versions	Default: affected unaffected from 0:6.6.36-1.Final_redhat_00001.1.el9eap to * (excl.)

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
Versions	Default: affected unaffected from 0:4.0.2-1.Final_redhat_00001.1.el9eap to * (excl.)

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
Versions	Default: affected unaffected from 0:2.5.0-1.redhat_00001.1.el9eap to * (excl.)

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
Versions	Default: affected unaffected from 0:2.3.20-2.SP4_redhat_00001.1.el9eap to * (excl.)

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
Versions	Default: affected unaffected from 0:8.1.3-4.GA_redhat_00006.1.el9eap to * (excl.)

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
Versions	Default: affected unaffected from 0:5.0.12-1.Final_redhat_00001.1.el9eap to * (excl.)

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
Versions	Default: affected unaffected from 0:2.6.6-1.Final_redhat_00001.1.el9eap to * (excl.)

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9
Versions	Default: affected unaffected from 0:8.1.1-4.GA_redhat_00007.1.el9eap to * (excl.)

Vendor	Red Hat
Product	Red Hat build of Apache Camel for Spring Boot 4
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat build of Apache Camel - HawtIO 4
Versions	Default: unaffected

Vendor	Red Hat
Product	Red Hat Data Grid 8
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 10
Versions	Default: unaffected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 8
Versions	Default: unaffected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 8
Versions	Default: unaffected

Vendor	Red Hat
Product	Red Hat Enterprise Linux 9
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Fuse 7
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform 7
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat JBoss Enterprise Application Platform Expansion Pack
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Process Automation 7
Versions	Default: affected

Vendor	Red Hat
Product	Red Hat Single Sign-On 7
Versions	Default: affected

Workarounds

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use, applicability, or stability.

CVE-2025-12543 PUBLISHED

Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf

Metrics

Product Status

Workarounds

Credits

References

Problem Types