CVE-2025-12543

Summary

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat JBoss Enterprise Application Platform2.2.39.Final-redhat-00001 < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 70:1.4.18-21.SP19_redhat_00001.1.ep7.el7 < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 70:2.0.41-8.SP9_redhat_00001.1.el7eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 70:2.2.39-1.Final_redhat_00001.1.el7eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 70:7.4.24-4.GA_redhat_00002.1.el7eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 80:2.2.39-1.Final_redhat_00001.1.el8eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 80:7.4.24-4.GA_redhat_00002.1.el8eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 90:2.2.39-1.Final_redhat_00001.1.el9eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 90:7.4.24-4.GA_redhat_00002.1.el9eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 80:1.83.0-1.redhat_00001.1.el8eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 80:33.0.0-2.jre_redhat_00003.1.el8eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 80:4.0.6-1.redhat_00001.1.el8eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 80:1.0.0-3.redhat_00009.1.el8eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 80:2.0.2-1.Final_redhat_00001.1.el8eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 80:2.3.23-1.SP3_redhat_00001.1.el8eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 90:1.83.0-1.redhat_00001.1.el9eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 90:33.0.0-2.jre_redhat_00003.1.el9eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 90:4.0.6-1.redhat_00001.1.el9eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 90:1.0.0-3.redhat_00009.1.el9eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 90:2.0.2-1.Final_redhat_00001.1.el9eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.0 for RHEL 90:2.3.23-1.SP3_redhat_00001.1.el9eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 80:4.0.10-1.redhat_00001.1.el8eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 80:1.82.0-1.redhat_00001.1.el8eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 80:801.3.0-1.GA_redhat_00001.1.el8eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 80:1.0.1-3.redhat_00003.1.el8eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 80:6.6.36-1.Final_redhat_00001.1.el8eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 80:4.0.2-1.Final_redhat_00001.1.el8eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 80:2.5.0-1.redhat_00001.1.el8eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 80:2.3.20-2.SP4_redhat_00001.1.el8eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 80:8.1.3-4.GA_redhat_00006.1.el8eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 80:5.0.12-1.Final_redhat_00001.1.el8eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 80:2.6.6-1.Final_redhat_00001.1.el8eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 80:8.1.1-4.GA_redhat_00007.1.el8eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 90:4.0.10-1.redhat_00001.1.el9eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 90:1.82.0-1.redhat_00001.1.el9eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 90:801.3.0-1.GA_redhat_00001.1.el9eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 90:1.0.1-3.redhat_00003.1.el9eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 90:6.6.36-1.Final_redhat_00001.1.el9eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 90:4.0.2-1.Final_redhat_00001.1.el9eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 90:2.5.0-1.redhat_00001.1.el9eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 90:2.3.20-2.SP4_redhat_00001.1.el9eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 90:8.1.3-4.GA_redhat_00006.1.el9eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 90:5.0.12-1.Final_redhat_00001.1.el9eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 90:2.6.6-1.Final_redhat_00001.1.el9eap < *unaffected
Red HatRed Hat JBoss Enterprise Application Platform 8.1 for RHEL 90:8.1.1-4.GA_redhat_00007.1.el9eap < *unaffected

Weaknesses

  • CWE-20: Improper Input Validation

Workarounds

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use, applicability, or stability.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF

Additional References

References