CVE-2025-12543

⛔ critical

Summary

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.

CVSS Score

9.6

Critical

EPSS Score

0.1

Exploit Probability

Published Date

2026-01-07

First Seen: 2026-01-17

📊 Relative Risk Intelligence

This CVE is Very High Risk - more severe than 90.2% of all 318,071 vulnerabilities in our database.

#31,299

Top 10% most severe

Severity Percentile

🎯 CISA SSVC Assessment Updated: Jan 8, 2026

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

Requires human interaction

💥 Technical Impact

Total

Complete system compromise possible

🏆 Discovered By

Red Hat would like to thank Ahmet Artuç for reporting this issue.

SSVC data provided by CISA

Last Modified 2026-03-18

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

CWE IDs (Weakness Types)

CWE-20

📦 Affected Products 11

Vendor	Product	Status	Affected Versions
redhat	jboss_enterprise_application_platform	Affected	> 8.0 < 8.0.12
redhat	jboss_enterprise_application_platform	Affected	> 8.1.0 < 8.1.3
redhat	jboss_enterprise_application_platform	Affected	v-
redhat	jboss_enterprise_application_platform	Affected	v7.0.0
redhat	undertow	Affected	< 2.2.39
redhat	undertow	Affected	> 2.3.0 < 2.3.21
redhat	data_grid	Affected	v8.0
redhat	single_sign-on	Affected	v7.0
redhat	process_automation	Affected	v7.0
redhat	fuse	Affected	v7.0.0
redhat	jboss_enterprise_application_platform_expansion_pack	Affected	v-

🔗 References 13

https://access.redhat.com/errata/RHSA-2026:0383

Vendor Advisory

https://access.redhat.com/errata/RHSA-2026:0384

Vendor Advisory

https://access.redhat.com/errata/RHSA-2026:0386

Vendor Advisory

https://access.redhat.com/errata/RHSA-2026:3889

Vendor Advisory

https://access.redhat.com/errata/RHSA-2026:3890

Vendor Advisory

https://access.redhat.com/errata/RHSA-2026:3891

Vendor Advisory

https://access.redhat.com/errata/RHSA-2026:3892

Vendor Advisory

https://access.redhat.com/errata/RHSA-2026:4915

https://access.redhat.com/errata/RHSA-2026:4916

https://access.redhat.com/errata/RHSA-2026:4917

https://access.redhat.com/errata/RHSA-2026:4924

https://access.redhat.com/security/cve/CVE-2025-12543

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2408784

Issue Tracking Vendor Advisory

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-28367	⚠️ high	8.7	0.0	A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block ter...	2026-03-27
CVE-2026-28368	⚠️ high	8.7	0.1	A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where ...	2026-03-27
CVE-2026-28369	⚠️ high	8.7	0.1	A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more...	2026-03-27
CVE-2026-3121	🔶 medium	6.5	0.0	A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where thi...	2026-03-26
CVE-2026-3260	🔶 medium	5.9	0.6	A flaw was found in Undertow. A remote attacker could exploit this vulnerability by sending an HTTP GET request containi...	2026-03-24
CVE-2026-3009	⚠️ high	8.1	0.0	A security flaw in the IdentityBrokerService.performLogin endpoint of Keycloak allows authentication to proceed using an...	2026-03-05

These CVEs affect the same products