CVE-2025-9784

HIGH

Redhat Build OF Apache Camel For Spri... - Improper Resource Release

Title source: rule

Description

A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).

Exploits (1)

nomisec SCANNER 2 stars

by drackyjr · poc

https://github.com/drackyjr/CVE-2025-9784

View Code ZIP pw:eip

References (18)

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:3889

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:3891

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:3892

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:4915

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:4916

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:4917

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:4924

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:0383

[Vendor Advisory] https://access.redhat.com/security/cve/CVE-2025-9784

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=2392306

[Various Sources] https://issues.redhat.com/browse/UNDERTOW-2598

[Issue Tracking] https://github.com/undertow-io/undertow/pull/1778

[Release Notes] https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2025:23143

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:0384

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2026:0386

[Third Party Advisory, US Government Resource] https://kb.cert.org/vuls/id/767506

[Third Party Advisory, US Government Resource] https://www.kb.cert.org/vuls/id/767506

Scores

CVSS v3 7.5

EPSS 0.0155

EPSS Percentile 81.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-404 CWE-770

Status published

Products (50)

io.undertow/undertow-core 0 - 2.2.38.FinalMaven

Red Hat/Red Hat build of Apache Camel 4.14.2 for Spring Boot 3.5.8

Red Hat/Red Hat build of Apache Camel - HawtIO 4

Red Hat/Red Hat Data Grid 8

Red Hat/Red Hat Enterprise Linux 10

Red Hat/Red Hat Enterprise Linux 8

Red Hat/Red Hat Enterprise Linux 9

Red Hat/Red Hat Fuse 7

Red Hat/Red Hat JBoss Enterprise Application Platform 7

Red Hat/Red Hat JBoss Enterprise Application Platform 7.4

... and 40 more

Published Sep 02, 2025

Tracked Since Feb 18, 2026