CVE-2025-12543

CRITICAL LAB

WildFly/JBoss EAP - SSRF

Title source: llm

Description

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.

Exploits (1)

nomisec WRITEUP
by kavin71725 · poc
https://github.com/kavin71725/CVE-2025-12543-Fix-for-Wildfly

References (13)

Scores

CVSS v3 9.6
EPSS 0.0004
EPSS Percentile 12.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

Lab Environment

COMMUNITY
Community Lab
docker pull bitnamilegacy/java:1.8.432-7-debian-12-r2

Details

CWE
CWE-20
Status published
Products (50)
io.undertow/undertow-core Maven
Red Hat/Red Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11
Red Hat/Red Hat build of Apache Camel - HawtIO 4
Red Hat/Red Hat Data Grid 8
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 8
Red Hat/Red Hat Enterprise Linux 9
Red Hat/Red Hat Fuse 7
Red Hat/Red Hat JBoss Enterprise Application Platform 7.4
Red Hat/Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7 0:2.2.39-1.Final_redhat_00001.1.el7eap
... and 40 more
Published Jan 07, 2026
Tracked Since Feb 18, 2026