CVE-2025-12543

Severity: High (Red Hat)
CVSS v3 Base Score: 9.6
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
Published: January 8, 2026
Last Modified: January 8, 2026
Vendor: Red Hat

Description

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header of incoming HTTP requests. As a result, requests carrying malformed or malicious Host headers are processed rather than rejected, which enables attackers to poison caches, perform internal network scans, or hijack user sessions.
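The defensive check the description implies is a strict Host header parse followed by an allowlist comparison. The following is an added example, not Undertow's or Red Hat's code: it validates a Host value against the RFC 7230 shape uri-host[:port] (reg-name, IPv4 literal, or bracketed IPv6 literal), rejects control characters and out-of-range ports, and then requires the host to be one of a constructed ALLOWED_HOSTS set. The allowlist and the sample header values are assumptions for illustration.

```python
import re
from typing import Optional, Tuple

# Hypothetical allowlist for this example (constructed; not from the advisory).
ALLOWED_HOSTS = {"app.example.com", "api.example.com", "localhost"}

# RFC 7230: Host = uri-host [ ":" port ]. uri-host is a reg-name / IPv4 literal
# (the "name" branch) or a bracketed IPv6 literal (the "ipv6" branch).
# Anything else (spaces, CR/LF, '/', '@', a bare ':' with no digits) fails.
_HOST_RE = re.compile(
    r"(?:\[(?P<ipv6>[0-9A-Fa-f:.]+)\]"
    r"|(?P<name>[A-Za-z0-9](?:[A-Za-z0-9.\-]*[A-Za-z0-9])?))"
    r"(?::(?P<port>[0-9]{1,5}))?"
)


def parse_host(value: Optional[str]) -> Tuple[Optional[str], Optional[int], str]:
    """Parse a raw Host header.

    Returns (host, port, reason). host is None when the header is malformed;
    host is lower-cased so allowlist comparison is case-insensitive.
    """
    if value is None or value == "":
        return None, None, "missing or empty Host header"
    if not value.isascii():
        return None, None, "non-ASCII characters in Host header"
    m = _HOST_RE.fullmatch(value)  # fullmatch: no trailing CR/LF or junk tolerated
    if m is None:
        return None, None, "Host header does not match uri-host[:port]"
    host = (m.group("ipv6") or m.group("name")).lower()
    if ".." in host:
        return None, None, "empty label in host name"
    port = None
    if m.group("port") is not None:
        port = int(m.group("port"))
        if port > 65535:
            return None, None, "port out of range"
    return host, port, "ok"


def validate_host(value: Optional[str], allowed=ALLOWED_HOSTS) -> Tuple[bool, str]:
    """Accept only a well-formed Host header naming an allowlisted host."""
    host, _port, reason = parse_host(value)
    if host is None:
        return False, reason
    if host not in allowed:
        return False, f"host {host!r} not in allowlist"
    return True, "ok"


def handle(headers: dict) -> int:
    """Minimal request gate: 400 for a bad or unknown Host, otherwise 200."""
    ok, _reason = validate_host(headers.get("Host"))
    return 200 if ok else 400


if __name__ == "__main__":
    # Constructed sample header values, not taken from the advisory.
    for sample in [
        "app.example.com",
        "APP.example.com:8443",
        "[::1]:8080",
        "evil.example.net",
        "app.example.com\r\nX-Injected: 1",
        "app.example.com:99999",
        None,
    ]:
        print(repr(sample), "->", validate_host(sample))
```

The port is parsed but deliberately not part of the allowlist decision; a deployment that terminates TLS on a fixed port can tighten that by also pinning the port. Comparing the lower-cased host against an exact set (rather than a prefix or substring match) is what stops a crafted header such as app.example.com.attacker.example from passing.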

CWE

CWE-20

Affected Products

Red Hat build of Apache Camel - HawtIO 4
Red Hat Data Grid 8
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Red Hat Fuse 7
Red Hat JBoss Enterprise Application Platform 7
Red Hat JBoss Enterprise Application Platform Expansion Pack
Red Hat Process Automation 7
Red Hat Single Sign-On 7

Fix Status

✅ Fix Available

References