Improper Input Validation

CVE-2025-12543

High

9.6/10

Summary

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests.As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: LOW

CWE-20 - Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

Advisory
Advisory
Pull request

Advisory Timeline

Published Jan 07, 2026

Improper Input Validation

CVE-2025-12543

Summary

CWE-20 - Improper Input Validation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS