CVE-2025-12543

{"id": "CVE-2025-12543", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.8}]}, "published": "2026-01-07T17:15:55.093", "references": [{"url": "https://access.redhat.com/errata/RHSA-2026:0383", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:0384", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:0386", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:3889", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:3890", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:3891", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:3892", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:4915", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:4916", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:4917", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2026:4924", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-12543", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408784", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en el n\u00facleo del servidor HTTP Undertow, que se utiliza en WildFly, JBoss EAP y otras aplicaciones Java. La biblioteca Undertow no valida correctamente el encabezado Host en las solicitudes HTTP entrantes. Como resultado, las solicitudes que contienen encabezados Host malformados o maliciosos se procesan sin ser rechazadas, lo que permite a los atacantes envenenar cach\u00e9s, realizar escaneos de red internos o secuestrar sesiones de usuario."}], "lastModified": "2026-03-18T16:16:22.420", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:build_of_apache_camel:*:*:*:*:*:spring_boot:*:*", "vulnerable": true, "matchCriteriaId": "07091FB7-A140-4D8E-BDB8-1EC9CF463F53", "versionEndExcluding": "4.14.4"}, {"criteria": "cpe:2.3:a:redhat:data_grid:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7095200A-4DAC-4433-99E8-86CA88E1E4D4"}, {"criteria": "cpe:2.3:a:redhat:fuse:7.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAD91726-93D9-4230-BF69-6A79B58E09E0"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D2DF1E8-9000-4FB5-9EA8-138D8FB3E2CA", "versionEndExcluding": "8.0.12", "versionStartIncluding": "8.0"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "47585EEB-2EB2-42D6-B06E-290BCE788A9F", "versionEndExcluding": "8.1.3", "versionStartIncluding": "8.1.0"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*", "vulnerable": true, "matchCriteriaId": "B8423D7F-3A8F-4AD8-BF51-245C9D8DD816"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72A54BDA-311C-413B-8E4D-388AD65A170A"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A24CBFB-4900-47A5-88D2-A44C929603DC"}, {"criteria": "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20A6B40D-F991-4712-8E30-5FE008505CB7"}, {"criteria": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890"}, {"criteria": "cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD2DF681-F91C-41CD-8031-1A0ABC2EF051", "versionEndExcluding": "2.2.39"}, {"criteria": "cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F2313BE-DB2E-4F91-9F8D-6428B276037A", "versionEndExcluding": "2.3.21", "versionStartIncluding": "2.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}