CVE advisoryHIGH
CVE-2025-9784
MadeYouReset Attack Leads to Undertow Denial of Service
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A flaw in Undertow allows malformed client requests to trigger server-side stream resets, causing excessive workload and potentially a denial of service. This vulnerability can be reached by any client sending specially crafted requests to vulnerable Undertow services, impacting service availability.