CVE-2025-30177: Apache Camel: Camel-Undertow Message Header Injection via Improper Filtering
First published: Tue Apr 01 2025(Updated: )
Bypass/Injection vulnerability in Apache Camel in Camel-Undertow component under particular conditions. This issue affects Apache Camel: from 4.10.0 before 4.10.3, from 4.8.0 before 4.8.6. Users are recommended to upgrade to version 4.10.3 for 4.10.x LTS and 4.8.6 for 4.8.x LTS. Camel undertow component is vulnerable to Camel message header injection, in particular the custom header filter strategy used by the component only filter the "out" direction, while it doesn't filter the "in" direction. This allows an attacker to include Camel specific headers that for some Camel components can alter the behaviour such as the camel-bean component, or the camel-exec component.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Build of Apache Camel | >4.10.0<4.10.3 | |
| Red Hat Build of Apache Camel | >4.8.0<4.8.6 | |
| maven/org.apache.camel:camel-undertow | >=4.8.0<4.8.6 | 4.8.6 |
| maven/org.apache.camel:camel-undertow | >=4.10.0<4.10.3 | 4.10.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://camel.apache.org/security/CVE-2025-27636.html
- https://camel.apache.org/security/CVE-2025-29891.html
- https://lists.apache.org/thread/dj79zdgw01j337lr9gvyy4sv8xfyw8py
- https://nvd.nist.gov/vuln/detail/CVE-2025-30177
- https://github.com/apache/camel/commit/9fd8fc30dbd98511a1faa0cbcf39ef5aeec88a64
- https://github.com/advisories/GHSA-vq4p-pchp-6g6v (Advisory)
Frequently Asked Questions
What is the severity of CVE-2025-30177?
The severity of CVE-2025-30177 is classified as moderate, as it allows for bypass and injection vulnerabilities under specific conditions.
How do I fix CVE-2025-30177?
To mitigate CVE-2025-30177, upgrade Apache Camel to version 4.10.3 or 4.8.6 depending on your current version.
Which versions of Apache Camel are affected by CVE-2025-30177?
CVE-2025-30177 affects Apache Camel versions 4.10.0 to 4.10.2 and 4.8.0 to 4.8.5.
What components of Apache Camel are impacted by CVE-2025-30177?
The CVE-2025-30177 vulnerability affects the Camel-Undertow component in Apache Camel.
Is there any workaround for CVE-2025-30177?
Currently, the recommended approach for CVE-2025-30177 is to upgrade to the patched versions, as there are no specified workarounds.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/description
- agent/title
- agent/author
- collector/oss-sec
- source/oss-sec
- alias/CVE-2025-30177
- agent/guess-ai
- agent/software-canonical-lookup
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/nvd-api
- source/NVD
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-vq4p-pchp-6g6v
- agent/source
- agent/last-modified-date
- agent/softwarecombine
- agent/references
- agent/tags
- agent/severity
- agent/trending
- agent/event
- collector/nvd-cve
- vendor/apache
- canonical/red hat build of apache camel
- package-manager/maven