Description

Bypass/Injection vulnerability in Apache Camel in Camel-Undertow component under particular conditions. This issue affects Apache Camel: from 4.10.0 before 4.10.3, from 4.8.0 before 4.8.6. Users are recommended to upgrade to version 4.10.3 for 4.10.x LTS and 4.8.6 for 4.8.x LTS. Camel undertow component is vulnerable to Camel message header injection, in particular the custom header filter strategy used by the component only filter the "out" direction, while it doesn't filter the "in" direction. This allows an attacker to include Camel specific headers that for some Camel components can alter the behaviour such as the camel-bean component, or the camel-exec component.

INFO

Published Date :

2025-04-01T11:56:30.484Z

Last Modified :

2025-04-01T18:42:45.532Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2025-30177 vulnerability.

Vendors Products
Apache
  • Camel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-30177.

URL Resource
https://camel.apache.org/security/CVE-2025-27636.html cve-icon cve-icon cve-icon
https://camel.apache.org/security/CVE-2025-29891.html cve-icon cve-icon cve-icon
https://lists.apache.org/thread/dj79zdgw01j337lr9gvyy4sv8xfyw8py cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-30177 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-30177 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact