CVE-2025-12543
Host Header Validation Flaw in Undertow Enables Cache Poisoning
Publication date: 2026-01-07
Last updated on: 2026-03-18
Assigner: Red Hat, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | jboss_enterprise_application_platform | 7.0.0 |
| redhat | single_sign-on | 7.0 |
| redhat | process_automation | 7.0 |
| redhat | jboss_enterprise_application_platform | * |
| redhat | data_grid | 8.0 |
| redhat | jboss_enterprise_application_platform_expansion_pack | * |
| redhat | fuse | 7.0.0 |
| redhat | undertow | to 2.2.39 (exc) |
| redhat | jboss_enterprise_application_platform | From 8.0 (inc) to 8.0.12 (exc) |
| redhat | jboss_enterprise_application_platform | From 8.1.0 (inc) to 8.1.3 (exc) |
| redhat | build_of_apache_camel | to 4.14.4 (exc) |
| redhat | undertow | From 2.3.0 (inc) to 2.3.21 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper input validation flaw in the Undertow HTTP server core, where the server fails to properly validate the Host header in incoming HTTP requests. Malformed or malicious Host headers are not rejected, allowing attackers to send specially crafted requests that can exploit this flaw. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability can lead to unauthorized access to internal network resources, account takeover, credential theft, and compromise of the confidentiality and integrity of user data. Such impacts can result in non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and breaches. [1]
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to web cache poisoning, session hijacking, and server-side request forgery (SSRF). Attackers can inject malicious responses into web caches, steal authentication tokens, redirect users to malicious endpoints, and potentially achieve complete account takeover, widespread credential theft, or unauthorized access to internal network resources, compromising confidentiality and integrity of user data. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending HTTP requests with malformed or invalid Host headers to the Undertow HTTP server and observing if the server rejects them with a 400 Bad Request response. If the server processes these requests without rejection, it is likely vulnerable. Specific commands are not provided in the resources, but a typical approach would be to use tools like curl or netcat to craft HTTP requests with malformed Host headers and check the server's response. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include monitoring and filtering incoming HTTP requests to block those with malformed or suspicious Host headers before they reach the Undertow server. Additionally, applying any available patches or updates from the vendor as soon as they are released is critical. Since the fix status and affected versions are not specified, administrators should stay alert for updates and consider implementing web application firewalls or reverse proxies that validate Host headers. [1]