vulnerability
Red Hat JBoss EAP: CVE-2025-12543: Improper Input Validation
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:P) | Jan 8, 2026 | Jan 8, 2026 | Jan 12, 2026 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:P)
Published
Jan 8, 2026
Added
Jan 8, 2026
Modified
Jan 12, 2026
Description
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.. A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-20
- CVE-2025-12543
- https://attackerkb.com/topics/CVE-2025-12543
- URL-https://access.redhat.com/security/cve/CVE-2025-12543
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=2408784
- URL-https://access.redhat.com/errata/RHSA-2026:0383
- URL-https://access.redhat.com/errata/RHSA-2026:0384
- URL-https://access.redhat.com/errata/RHSA-2026:0386
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.