CVE-2025-12543
CRIT 9.6A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.
Affected Applications in Environment
19
Platform
v17,38,0,0
1 device
Platform
v17,17,0,0
1 device
Platform
v17,15,0,0
2 devices
Platform
v3.1.119.0
1 device
Platform
v3.1.116.0
1 device
Platform
v3.1.120.0
1 device
Platform
v17,24,0,0
1 device
fuse
v2.9.9-17.el9
27 devices
fuse
v2.9.2-4ubuntu4.14.04.1
1 device
fuse
v2.9.7-19.el8
3 devices
fuse
v2.9.7-1ubuntu1
1 device
fuse
v2.9.4-1ubuntu3.1
3 devices
fuse
v2.9.4-1ubuntu3.1+esm1
1 device
fuse
v2.9.9-17.el9
2 devices
fuse
v2.9.7-19.0.1.el8
6 devices
fuse
v2.9.9-17.el9
1 device
fuse
v2.9.7-16.el8
2 devices
fuse
v2.9.2-11.el7
1 device
fuse
v2.9.9-17.el9
1 device
Affected Devices
57
ARSUTLGU4000052
Windows
DESKTOP-6US3N85
Windows
DESKTOP-7IU23EB
Windows
DPEXAN-5CD017CV
Windows
DPHSNG-34Y86X3
Windows
DPMATH-C11312G9
Windows
FL217-2-ADOTTER
Windows
MICHELLEUSUHP
Windows
atc.db.usu.edu
Linux
chela03
Linux
chela04
Linux
chela05
Linux
cleanaddressdev.banner.usu.edu
Linux
devjobsub.banner.usu.edu
Linux
dpapsb-161390.aggies.usu.edu
Linux
dpapsb-191594.mypc.usu.edu
Linux
el103-02.ece.usu.edu
Linux
el103-03.ece.usu.edu
Linux
el103-04.ece.usu.edu
Linux
el103-05.ece.usu.edu
Linux
el103-07.ece.usu.edu
Linux
el103-08.ece.usu.edu
Linux
el103-09.ece.usu.edu
Linux
el103-10.ece.usu.edu
Linux
el103-14.ece.usu.edu
Linux
el103-15.ece.usu.edu
Linux
el103-16.ece.usu.edu
Linux
el103-17.ece.usu.edu
Linux
el103-18.ece.usu.edu
Linux
el103-19.ece.usu.edu
Linux
el103-20.ece.usu.edu
Linux
el120-01.ece.usu.edu
Linux
el120-02.ece.usu.edu
Linux
el120-03.ece.usu.edu
Linux
el120-04.ece.usu.edu
Linux
el120-05.ece.usu.edu
Linux
el120-06.ece.usu.edu
Linux
el120-08.ece.usu.edu
Linux
el120-09.ece.usu.edu
Linux
el120-10.ece.usu.edu
Linux
el120-11.ece.usu.edu
Linux
el120-12.ece.usu.edu
Linux
el120-14.ece.usu.edu
Linux
eprocdev.banner.usu.edu
Linux
facreadyprod.pplant.usu.edu
Linux
facreadytestrhel.pplant.usu.edu
Linux
facshibsp2.pplant.usu.edu
Linux
guru.cluster
Linux
hotcheeto
Linux
my2
Linux
oms.db.usu.edu
Linux
paymentworksdev.banner.usu.edu
Linux
web04a
Linux
web05
Linux
web21
Linux
web22
Linux
zldtst.db.usu.edu
Linux
References
13
- https://access.redhat.com/errata/RHSA-2026:0383
- https://access.redhat.com/errata/RHSA-2026:0384
- https://access.redhat.com/errata/RHSA-2026:0386
- https://access.redhat.com/errata/RHSA-2026:3889
- https://access.redhat.com/errata/RHSA-2026:3890
- https://access.redhat.com/errata/RHSA-2026:3891
- https://access.redhat.com/errata/RHSA-2026:3892
- https://access.redhat.com/errata/RHSA-2026:4915
- https://access.redhat.com/errata/RHSA-2026:4916
- https://access.redhat.com/errata/RHSA-2026:4917
- https://access.redhat.com/errata/RHSA-2026:4924
- https://access.redhat.com/security/cve/CVE-2025-12543
- https://bugzilla.redhat.com/show_bug.cgi?id=2408784