CVE-2025-9784
📋 TL;DR
This vulnerability in Undertow allows malicious clients to send malformed HTTP/2 requests that cause the server itself to reset the affected streams; because the resets are server-initiated, they are not counted against the abuse counters that would normally throttle a client sending resets. This 'MadeYouReset' attack enables denial of service by forcing the server to repeatedly abort streams, consuming excessive resources. Any system running a vulnerable version of Undertow is affected.
💻 Affected Systems
- Undertow
📦 What is this software?
Build Of Apache Camel For Spring Boot by Redhat
Fuse by Redhat
Jboss Enterprise Application Platform by Redhat
Jboss Enterprise Application Platform Expansion Pack by Redhat
Undertow by Redhat
⚠️ Risk & Real-World Impact
Worst Case
Complete service unavailability due to resource exhaustion, potentially affecting all services running on the vulnerable Undertow instance.
Likely Case
Degraded performance and intermittent service disruptions as the server struggles with repeated stream resets.
If Mitigated
Minimal impact with proper rate limiting, monitoring, and updated versions in place.
🎯 Exploit Status
Exploitation requires sending malformed HTTP/2 requests; no authentication needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check specific Red Hat advisories (RHSA-2025:23143, RHSA-2026:0383, etc.) for patched versions
Vendor Advisory: https://access.redhat.com/security/cve/CVE-2025-9784
Restart Required: Yes
Instructions:
1. Identify the affected Undertow version.
2. Apply the relevant Red Hat patch via yum update.
3. Restart the Undertow service.
4. Verify that the patch has been applied.
🔧 Temporary Workarounds
Rate Limiting
Implement request rate limiting to reduce the impact of repeated malicious requests.
# Configure via web server or application firewall rules
Connection Limits
Limit concurrent connections per client to mitigate resource exhaustion.
# Set in Undertow configuration or upstream load balancer
🧯 If You Can't Patch
- Implement strict network filtering to limit access to Undertow services.
- Deploy Web Application Firewall (WAF) with DoS protection rules.
🔍 How to Verify
Check if Vulnerable:
Check the Undertow version against the Red Hat advisories; on RHEL systems, run 'rpm -qa | grep undertow'.
Check Version:
rpm -qa | grep undertow
Verify Fix Applied:
Verify that the updated package version matches the patched version listed in the Red Hat advisories.
📡 Detection & Monitoring
Log Indicators:
- Unusual frequency of stream reset errors
- Abnormally high request rates from single IPs
Network Indicators:
- Spike in malformed HTTP/2 requests
- Increased server response times
SIEM Query:
source="undertow.log" AND ("stream reset" OR "abort") | stats count by src_ip
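The log indicators and SIEM query above, turned into an added offline detection example (not part of this advisory or of Undertow): the log layout, field names and sample lines are constructed assumptions, and the threshold and window are placeholders to tune for your environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (illustrative layout, not Undertow's own): 203.0.113.7 resets six times in 4 s, 198.51.100.4 once.
SAMPLE_LOG = """\
2025-10-01T10:00:00Z WARN  io.undertow.request stream reset src_ip=203.0.113.7 stream_id=3
2025-10-01T10:00:01Z WARN  io.undertow.request stream reset src_ip=203.0.113.7 stream_id=5
2025-10-01T10:00:01Z WARN  io.undertow.request stream reset src_ip=203.0.113.7 stream_id=7
2025-10-01T10:00:02Z INFO  io.undertow.request request completed src_ip=198.51.100.4 stream_id=1
2025-10-01T10:00:02Z WARN  io.undertow.request stream reset src_ip=203.0.113.7 stream_id=9
2025-10-01T10:00:03Z WARN  io.undertow.request stream reset src_ip=203.0.113.7 stream_id=11
2025-10-01T10:00:04Z ERROR io.undertow.request stream abort src_ip=203.0.113.7 stream_id=13
2025-10-01T10:00:30Z ERROR io.undertow.request stream abort src_ip=198.51.100.4 stream_id=3
"""
# Timestamp, level, logger, free-text message, then the src_ip key=value field.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<level>\S+)\s+(?P<logger>\S+) (?P<msg>.*?) src_ip=(?P<ip>[\d.]+)")
def parse_reset_events(log_text):
    """Return (timestamp, src_ip) pairs for lines whose message mentions a reset or abort."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and any(k in m.group("msg").lower() for k in ("stream reset", "abort")):
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m.group("ip")))
    return events

def count_by_ip(events):
    """Equivalent of the SIEM query's `stats count by src_ip`."""
    counts = defaultdict(int)
    for _, ip in events:
        counts[ip] += 1
    return dict(counts)

def flag_sources(events, threshold=5, window=timedelta(seconds=10)):
    """Flag src_ips exceeding `threshold` reset events inside any sliding `window`."""
    by_ip = defaultdict(list)
    for ts, ip in events:
        by_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start, peak = 0, 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:  # drop events older than the window
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[ip] = peak
    return flagged
```

The sliding window matters because a burst of server-side resets from one source in a few seconds is the signal here, while the same total spread over a day is ordinary noise.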
🔗 References
- https://access.redhat.com/errata/RHSA-2025:23143
- https://access.redhat.com/errata/RHSA-2026:0383
- https://access.redhat.com/errata/RHSA-2026:0384
- https://access.redhat.com/errata/RHSA-2026:0386
- https://access.redhat.com/errata/RHSA-2026:3889
- https://access.redhat.com/errata/RHSA-2026:3891
- https://access.redhat.com/errata/RHSA-2026:3892
- https://access.redhat.com/security/cve/CVE-2025-9784
- https://bugzilla.redhat.com/show_bug.cgi?id=2392306
- https://github.com/undertow-io/undertow/pull/1778
- https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final
- https://issues.redhat.com/browse/UNDERTOW-2598
- https://kb.cert.org/vuls/id/767506