CVE-2025-12543 | THREATINT

Description

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.

PUBLISHED Reserved 2025-10-31 | Published 2026-01-07 | Updated 2026-02-09 | Assigner redhat

CRITICAL: 9.6CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

Problem types

Improper Input Validation

Product status

Default status

unaffected

Default status

affected

0:4.0.10-1.redhat_00001.1.el8eap (rpm) before *

unaffected

Default status

affected

0:1.82.0-1.redhat_00001.1.el8eap (rpm) before *

unaffected

Default status

affected

0:801.3.0-1.GA_redhat_00001.1.el8eap (rpm) before *

unaffected

Default status

affected

0:1.0.1-3.redhat_00003.1.el8eap (rpm) before *

unaffected

Default status

affected

0:6.6.36-1.Final_redhat_00001.1.el8eap (rpm) before *

unaffected

Default status

affected

0:4.0.2-1.Final_redhat_00001.1.el8eap (rpm) before *

unaffected

Default status

affected

0:2.5.0-1.redhat_00001.1.el8eap (rpm) before *

unaffected

Default status

affected

0:2.3.20-2.SP4_redhat_00001.1.el8eap (rpm) before *

unaffected

Default status

affected

0:8.1.3-4.GA_redhat_00006.1.el8eap (rpm) before *

unaffected

Default status

affected

0:5.0.12-1.Final_redhat_00001.1.el8eap (rpm) before *

unaffected

Default status

affected

0:2.6.6-1.Final_redhat_00001.1.el8eap (rpm) before *

unaffected

Default status

affected

0:8.1.1-4.GA_redhat_00007.1.el8eap (rpm) before *

unaffected

Default status

affected

0:4.0.10-1.redhat_00001.1.el9eap (rpm) before *

unaffected

Default status

affected

0:1.82.0-1.redhat_00001.1.el9eap (rpm) before *

unaffected

Default status

affected

0:801.3.0-1.GA_redhat_00001.1.el9eap (rpm) before *

unaffected

Default status

affected

0:1.0.1-3.redhat_00003.1.el9eap (rpm) before *

unaffected

Default status

affected

0:6.6.36-1.Final_redhat_00001.1.el9eap (rpm) before *

unaffected

Default status

affected

0:4.0.2-1.Final_redhat_00001.1.el9eap (rpm) before *

unaffected

Default status

affected

0:2.5.0-1.redhat_00001.1.el9eap (rpm) before *

unaffected

Default status

affected

0:2.3.20-2.SP4_redhat_00001.1.el9eap (rpm) before *

unaffected

Default status

affected

0:8.1.3-4.GA_redhat_00006.1.el9eap (rpm) before *

unaffected

Default status

affected

0:5.0.12-1.Final_redhat_00001.1.el9eap (rpm) before *

unaffected

Default status

affected

0:2.6.6-1.Final_redhat_00001.1.el9eap (rpm) before *

unaffected

Default status

affected

0:8.1.1-4.GA_redhat_00007.1.el9eap (rpm) before *

unaffected

Default status

affected

Default status

unaffected

Default status

affected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

unaffected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Default status

affected

Timeline

2025-10-31:	Reported to Red Hat.
2026-01-08:	Made public.

Credits

Red Hat would like to thank Ahmet Artuç for reporting this issue.

References

access.redhat.com/errata/RHSA-2026:0383 (RHSA-2026:0383) vendor-advisory

access.redhat.com/errata/RHSA-2026:0384 (RHSA-2026:0384) vendor-advisory

access.redhat.com/errata/RHSA-2026:0386 (RHSA-2026:0386) vendor-advisory

access.redhat.com/security/cve/CVE-2025-12543 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2408784 (RHBZ#2408784) issue-tracking

cve.org (CVE-2025-12543)

nvd.nist.gov (CVE-2025-12543)

Download JSON