Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2025-30177

Good to know:

icon
icon

Date: April 1, 2025

Bypass/Injection vulnerability in Apache Camel in Camel-Undertow component under particular conditions. This issue affects Apache Camel: from 4.10.0 before 4.10.3, from 4.8.0 before 4.8.6. Users are recommended to upgrade to version 4.10.3 for 4.10.x LTS and 4.8.6 for 4.8.x LTS. Camel undertow component is vulnerable to Camel message header injection, in particular the custom header filter strategy used by the component only filter the "out" direction, while it doesn't filter the "in" direction. This allows an attacker to include Camel specific headers that for some Camel components can alter the behaviour such as the camel-bean component, or the camel-exec component.

Severity Score

Related Resources (7)

https://camel.apache.org/security/CVE-2025-27636.html
https://camel.apache.org/security/CVE-2025-29891.html
https://nvd.nist.gov/vuln/detail/CVE-2025-30177
https://github.com/apache/camel
https://github.com/apache/camel/commit/9fd8fc30dbd98511a1faa0cbcf39ef5aeec88a64
https://lists.apache.org/thread/dj79zdgw01j337lr9gvyy4sv8xfyw8py
https://www.mend.io/vulnerability-database/CVE-2025-30177

Severity Score

Weakness Type (CWE)

Improper Neutralization of Internal Special Elements

CWE-164

Top Fix

icon

Upgrade Version

Upgrade to version org.apache.camel:camel-undertow:4.8.6;org.apache.camel:camel-undertow:4.10.3;org.apache.camel:camel-undertow:4.8.6;https://github.com/apache/camel.git - camel-4.8.6;https://github.com/apache/camel.git - camel-4.10.3

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE

Do you need more information?

Contact Us