Bypass/Injection Vulnerability in Apache Camel's Undertow Component
CVE-2025-30177
What is CVE-2025-30177?
A bypass and injection vulnerability has been identified in the Camel Undertow component of Apache Camel. The issue arises under specific conditions involving the filtering of message headers: the custom header filter strategy was applied only in the 'out' direction (Camel message to HTTP response) and not in the 'in' direction (HTTP request to Camel message). As a result, a remote client can send HTTP request headers whose names use Camel's reserved prefixes, and those headers are copied onto the Camel message unfiltered, where they can alter the behaviour of downstream components such as camel-bean and camel-exec. Users should upgrade to version 4.10.3 for the 4.10.x LTS or to 4.8.6 for the 4.8.x LTS to fix this issue.
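The following Java example is added here to illustrate the 'in' versus 'out' distinction; it is not code from the Apache Camel project or from the advisory. It implements Camel's `HeaderFilterStrategy` interface so that header names beginning with `Camel` or `org.apache.camel` are dropped in both directions, and registers it on an Undertow consumer endpoint with the `headerFilterStrategy` option. The class, bean and endpoint names (`InboundCamelHeaderFilter`, `greeter`, `/hello`) are assumptions chosen for the example; the upgrade remains the actual fix.

```java
// Added example, not Apache Camel project code. Class/bean/route names are
// assumptions. Demonstrates filtering Camel-reserved headers in BOTH the
// "in" (HTTP request -> Camel message) and "out" (Camel message -> HTTP
// response) directions, the former being what the affected versions omitted.
import java.util.Locale;

import org.apache.camel.Exchange;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.main.Main;
import org.apache.camel.spi.HeaderFilterStrategy;

public class UndertowHeaderFilterExample {

    /** Drops any header whose name uses one of Camel's reserved prefixes. */
    public static class InboundCamelHeaderFilter implements HeaderFilterStrategy {

        private static boolean isCamelReserved(String name) {
            if (name == null) {
                return false;
            }
            String n = name.toLowerCase(Locale.ROOT);
            return n.startsWith("camel") || n.startsWith("org.apache.camel");
        }

        // "out" direction: Camel message headers about to be written to the
        // HTTP response. Returning true means "filter (drop) this header".
        @Override
        public boolean applyFilterToCamelHeaders(String headerName, Object headerValue, Exchange exchange) {
            return isCamelReserved(headerName);
        }

        // "in" direction: HTTP request headers about to be copied onto the
        // Camel message. This is the direction the vulnerable versions left
        // unfiltered; without it a client-supplied "CamelBeanMethodName"
        // request header lands on the message as a Camel header.
        @Override
        public boolean applyFilterToExternalHeaders(String headerName, Object headerValue, Exchange exchange) {
            return isCamelReserved(headerName);
        }
    }

    /** Example bean (assumption) with one benign and one sensitive method. */
    public static class Greeter {
        public String hello(String body) {
            return "hello " + body;
        }

        public String admin(String body) {
            return "admin action on " + body;
        }
    }

    public static void main(String[] args) throws Exception {
        Main main = new Main();
        main.bind("camelHeaderFilter", new InboundCamelHeaderFilter());
        main.bind("greeter", new Greeter());
        main.configure().addRoutesBuilder(new RouteBuilder() {
            @Override
            public void configure() {
                // The bean component consults the CamelBeanMethodName header to
                // choose the method when no method option is given, so an
                // unfiltered inbound header would let the HTTP client pick
                // Greeter.admin(). With the strategy attached, that header is
                // dropped before the message reaches the bean.
                from("undertow:http://0.0.0.0:8080/hello?headerFilterStrategy=#camelHeaderFilter")
                    .to("bean:greeter");
            }
        });
        main.run(args);
    }
}
```

To check the behaviour, send a request carrying a reserved header name, for example `curl -H 'CamelBeanMethodName: admin' -d 'world' http://localhost:8080/hello`, and confirm that the header is absent from the exchange (for instance by logging `${headers}` in the route) rather than influencing which method is invoked. The same check against an unpatched endpoint without the strategy is a quick way to confirm exposure before upgrading.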

Affected Version(s)
Apache Camel 4.10.0 < 4.10.3
Apache Camel 4.8.0 < 4.8.6