External risk intelligence

Undertow HTTP Request Header Validation Flaw Allows Cache Poisoning and Session Hijacking

CVE advisorySeverity: CRITICAL (CVSS 9.6)

CVE-2025-12543

The Undertow library is a core HTTP server component used in enterprise application platforms and middleware. These products are commonly deployed to host web applications, APIs, and identity services that are intentionally exposed to the internet or public-facing network segments to facilitate external connectivity and user access.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A flaw in the Undertow HTTP server core, utilized by various Java applications, allows attackers to manipulate HTTP requests. This could lead to cache poisoning, internal network scanning, or user session hijacking.

  • Server requests are improperly validated.
  • Affects core Java application infrastructure.
  • Confirm exposure and understand potential impact.

Attack Path

How an attacker could exploit the issue

An attacker can target systems using the Undertow HTTP server, often found in Java applications like WildFly and JBoss EAP. By sending specially crafted HTTP requests with a manipulated Host header, an attacker can bypass security checks. This could allow them to poison caches, scan internal networks, or potentially hijack user sessions.

  • Requires network access.
  • Triggered by malformed Host headers.
  • Risks include cache poisoning and session hijacking.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could affect system data and service behavior when the Undertow HTTP server processes malformed or malicious Host headers. This could allow attackers to poison caches, conduct internal network scans, or hijack user sessions.

  • System cache and internal network information at risk.
  • Malicious Host headers could poison caches or enable scans.
  • Session hijacking and unauthorized access may occur.

Operational Fix

Recommended remediation, mitigation, and detection steps

The Undertow HTTP server's vulnerability impacts Red Hat's enterprise Java application platforms and middleware. Application owners and infrastructure teams are likely responsible for addressing this, requiring an immediate inventory of affected systems, confirmation of business criticality and external reachability, and then a risk-based remediation plan.

  • Identify accountable application owners.
  • Verify system reachability and criticality.
  • Plan remediation based on risk.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is Undertow and how is it used?

Undertow is a lightweight, flexible web server library built for Java. It functions as the core HTTP engine for many enterprise platforms, such as JBoss EAP, WildFly, and various Red Hat middleware products. Developers and organizations rely on it to handle incoming web traffic, manage connections, and support the routing of requests in complex application environments.

What is the vulnerability behind CVE-2025-12543?

This CVE involves a weakness classified as Improper Input Validation (CWE-20). In plain English, the software fails to strictly verify the accuracy of the 'Host' header sent in an HTTP request. Because the server trusts this header without proper checks, it can be tricked into processing malicious traffic, potentially leading to security issues like unauthorized cache poisoning or session hijacking.

How does an attacker trigger this flaw?

An attacker triggers this bug by sending a specially crafted HTTP request containing a malformed or malicious Host header. The vulnerability is specifically tied to how the Undertow library processes these invalid headers. It is important to note that standard, legitimate HTTP requests with correctly formatted Host headers do not trigger this flaw, as the issue is isolated to requests designed to deceive the server's validation logic.

Is my system at risk according to Halo Surface Signal?

Halo Surface Signal notes that Undertow is frequently used in application platforms and middleware that are intentionally deployed to support external web traffic. If your Java applications are exposed to the internet or public-facing network segments to facilitate user access, they are more likely to encounter this risk. Systems strictly isolated from all external connectivity face a lower direct profile from this network-based vulnerability.

What should I do to address this issue?

Start by performing an inventory to identify all systems running affected versions of Java middleware or applications that rely on the Undertow library. Once you have a list, verify which applications are critical to your business and confirm their network reachability. Coordinate with the relevant application owners to plan and apply the necessary updates or patches provided by your software vendor.

References