Undertow Host Header Validation Flaw Enables Cache Poisoning
CVE-2025-12543 Published on January 7, 2026

Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2025-12543 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and a small impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

CHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

LOW

Timeline

2025-10-31

Reported to Red Hat.

2026-01-08

Made public. 69 days later.

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Products Associated with CVE-2025-12543

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-12543 are published in these products:

Red Hat Camel Spring Boot

Red Hat Apache Camel Hawtio

Red Hat Jboss Data Grid

Red Hat Enterprise Linux (RHEL)

Red Hat Jboss Fuse

Red Hat Jboss Enterprise Application Platform

Red Hat Jbosseapxp

Red Hat Jboss Enterprise Bpms Platform

Red Hat Single Sign On

Affected Versions

Red Hat JBoss Enterprise Application Platform 8.1: Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8:

Version 0:4.0.10-1.redhat_00001.1.el8eap and below * is unaffected.

Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8:

Version 0:1.82.0-1.redhat_00001.1.el8eap and below * is unaffected.

Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8:

Version 0:801.3.0-1.GA_redhat_00001.1.el8eap and below * is unaffected.

Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8:

Version 0:1.0.1-3.redhat_00003.1.el8eap and below * is unaffected.

Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8:

Version 0:6.6.36-1.Final_redhat_00001.1.el8eap and below * is unaffected.

Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8:

Version 0:4.0.2-1.Final_redhat_00001.1.el8eap and below * is unaffected.

Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8:

Version 0:2.5.0-1.redhat_00001.1.el8eap and below * is unaffected.

Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8:

Version 0:2.3.20-2.SP4_redhat_00001.1.el8eap and below * is unaffected.

Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8:

Version 0:8.1.3-4.GA_redhat_00006.1.el8eap and below * is unaffected.

Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8:

Version 0:5.0.12-1.Final_redhat_00001.1.el8eap and below * is unaffected.

Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8:

Version 0:2.6.6-1.Final_redhat_00001.1.el8eap and below * is unaffected.

Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8:

Version 0:8.1.1-4.GA_redhat_00007.1.el8eap and below * is unaffected.