CVE-2025-12543
Unknown Unknown - Not Provided
Host Header Validation Flaw in Undertow Enables Cache Poisoning

Publication date: 2026-01-07

Last updated on: 2026-03-18

Assigner: Red Hat, Inc.

Description
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-07
Last Modified
2026-03-18
Generated
2026-06-16
AI Q&A
2026-01-07
EPSS Evaluated
2026-06-15
NVD
CVE-2025-12543
Affected Vendors & Products
Showing 12 associated CPEs
Vendor Product Version / Range
redhat jboss_enterprise_application_platform 7.0.0
redhat single_sign-on 7.0
redhat process_automation 7.0
redhat jboss_enterprise_application_platform *
redhat data_grid 8.0
redhat jboss_enterprise_application_platform_expansion_pack *
redhat fuse 7.0.0
redhat undertow to 2.2.39 (exc)
redhat jboss_enterprise_application_platform From 8.0 (inc) to 8.0.12 (exc)
redhat jboss_enterprise_application_platform From 8.1.0 (inc) to 8.1.3 (exc)
redhat build_of_apache_camel to 4.14.4 (exc)
redhat undertow From 2.3.0 (inc) to 2.3.21 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an improper input validation flaw in the Undertow HTTP server core, where the server fails to properly validate the Host header in incoming HTTP requests. Malformed or malicious Host headers are not rejected, allowing attackers to send specially crafted requests that can exploit this flaw. [1]

Impact Analysis

Exploitation of this vulnerability can lead to web cache poisoning, session hijacking, and server-side request forgery (SSRF). Attackers can inject malicious responses into web caches, steal authentication tokens, redirect users to malicious endpoints, and potentially achieve complete account takeover, widespread credential theft, or unauthorized access to internal network resources, compromising confidentiality and integrity of user data. [1]

Detection Guidance

This vulnerability can be detected by sending HTTP requests with malformed or invalid Host headers to the Undertow HTTP server and observing if the server rejects them with a 400 Bad Request response. If the server processes these requests without rejection, it is likely vulnerable. Specific commands are not provided in the resources, but a typical approach would be to use tools like curl or netcat to craft HTTP requests with malformed Host headers and check the server's response. [1]

Mitigation Strategies

Immediate mitigation steps include monitoring and filtering incoming HTTP requests to block those with malformed or suspicious Host headers before they reach the Undertow server. Additionally, applying any available patches or updates from the vendor as soon as they are released is critical. Since the fix status and affected versions are not specified, administrators should stay alert for updates and consider implementing web application firewalls or reverse proxies that validate Host headers. [1]

Compliance Impact

This vulnerability can lead to unauthorized access to internal network resources, account takeover, credential theft, and compromise of the confidentiality and integrity of user data. Such impacts can result in non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and breaches. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12543. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart