CVE-2025-12543

CRITICAL LAB

Undertow HTTP Server - Malformed Host Header Cache Poisoning

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-12543. PoCs published by kavin71725.

AI-analyzed exploit summary: This repository provides a detailed technical analysis and backported fix for CVE-2025-12543, a critical Host header validation vulnerability in Undertow. It includes a patched JAR, Dockerfile, and comprehensive documentation explaining the vulnerability, patching process, and validation logic.

Description

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.

Exploits (1)

nomisec WRITEUP
by kavin71725 · poc
https://github.com/kavin71725/CVE-2025-12543-Fix-for-Wildfly


Classification
Writeup 100%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: WildFly 11.0.0.Final with Undertow 1.4.18.Final
No auth needed
Prerequisites: WildFly 11.0.0.Final installation · Docker environment for deployment
devstral-2 · analyzed Apr 09, 2026

References (13)

Core References (13)
Vendor Advisory (vendor-advisory, x_refsource_redhat) · RHSA-2026:0386
https://access.redhat.com/errata/RHSA-2026:0386
Vendor Advisory (vendor-advisory, x_refsource_redhat) · RHSA-2026:3890
https://access.redhat.com/errata/RHSA-2026:3890
Vendor Advisory (vendor-advisory, x_refsource_redhat) · RHSA-2026:3891
https://access.redhat.com/errata/RHSA-2026:3891
Vendor Advisory (vendor-advisory, x_refsource_redhat) · RHSA-2026:3892
https://access.redhat.com/errata/RHSA-2026:3892
Vendor Advisory (vendor-advisory, x_refsource_redhat) · RHSA-2026:4917
https://access.redhat.com/errata/RHSA-2026:4917
Vendor Advisory (vendor-advisory, x_refsource_redhat) · RHSA-2026:4924
https://access.redhat.com/errata/RHSA-2026:4924
Vendor Advisory (vendor-advisory, x_refsource_redhat) · RHSA-2026:0383
https://access.redhat.com/errata/RHSA-2026:0383
Vendor Advisory (vendor-advisory, x_refsource_redhat) · RHSA-2026:0384
https://access.redhat.com/errata/RHSA-2026:0384
Vendor Advisory (vendor-advisory, x_refsource_redhat) · RHSA-2026:3889
https://access.redhat.com/errata/RHSA-2026:3889
Vendor Advisory (vendor-advisory, x_refsource_redhat) · RHSA-2026:4915
https://access.redhat.com/errata/RHSA-2026:4915
Vendor Advisory (vendor-advisory, x_refsource_redhat) · RHSA-2026:4916
https://access.redhat.com/errata/RHSA-2026:4916
Vendor Advisory (vdb-entry, x_refsource_redhat) · CVE-2025-12543
https://access.redhat.com/security/cve/CVE-2025-12543
Issue Tracking (issue-tracking, x_refsource_redhat) · Bugzilla 2408784
https://bugzilla.redhat.com/show_bug.cgi?id=2408784

Scores

CVSS v3 9.6
EPSS 0.0003
EPSS Percentile 9.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Lab Environment

COMMUNITY
Community Lab
docker pull bitnamilegacy/java:1.8.432-7-debian-12-r2

Details

CWE
CWE-20
Status published
Products (50)
io.undertow/undertow-core Maven
Red Hat/Red Hat build of Apache Camel - HawtIO 4
Red Hat/Red Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11
Red Hat/Red Hat Data Grid 8
Red Hat/Red Hat Enterprise Linux 10
Red Hat/Red Hat Enterprise Linux 8
Red Hat/Red Hat Enterprise Linux 9
Red Hat/Red Hat Fuse 7
Red Hat/Red Hat JBoss Enterprise Application Platform 2.2.39.Final-redhat-00001
Red Hat/Red Hat JBoss Enterprise Application Platform 7
... and 40 more
Published Jan 07, 2026
Tracked Since Feb 18, 2026