CVE-2025-9784
high
CVSS v3 Base Score
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
1.6%
Exploitation probability in 30 days
Top 18% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
None
Availability
High
Published: September 2, 2025 (254 days ago)
Last Modified: April 30, 2026
Vendor: Apache
Source: MITRE
Vulnerability Report
Generated by CyberWatcher
Description
A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
CWE
CWE-770
Affected Products
Red Hat Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8
Red Hat Red Hat JBoss Enterprise Application Platform 7.4
Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7
Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8
Red Hat Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9
Red Hat Red Hat JBoss Enterprise Application Platform 8.0
Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
Red Hat Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
Red Hat Red Hat JBoss Enterprise Application Platform 8.1
Red Hat Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8