CVE-2025-9784
Severity: HIGH · EPSS 80.0%
CVSS 3.1 Base Score: 7.5
Published: Sep 2, 2025
Last Modified: Jun 17, 2026
Description
A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
CVSS Details
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Threat Intelligence
EPSS Exploit Probability: 80.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses (2)
- CWE-404
- CWE-770
Affected Products (10)
| Vendor | Product | Version | Range |
|---|---|---|---|
| redhat | build_of_apache_camel_for_spring_boot | * | any |
| redhat | fuse | 7.0.0 | any |
| redhat | jboss_enterprise_application_platform | 7.0.0 | any |
| redhat | jboss_enterprise_application_platform | 8.0.0 | any |
| redhat | jboss_enterprise_application_platform_expansion_pack | * | any |
| redhat | process_automation | 7.0 | any |
| redhat | single_sign-on | 7.0 | any |
| redhat | undertow | * | any |
| redhat | enterprise_linux | 8.0 | any |
| redhat | enterprise_linux | 9.0 | any |
References (18)
- access.redhat.com https://access.redhat.com/errata/RHSA-2025:23143
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:0383
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:0384
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:0386
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:3889
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:3891
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:3892
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:4915
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:4916
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:4917
- access.redhat.com https://access.redhat.com/errata/RHSA-2026:4924
- access.redhat.com https://access.redhat.com/security/cve/CVE-2025-9784
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2392306
- github.com https://github.com/undertow-io/undertow/pull/1778
- github.com https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final
- issues.redhat.com https://issues.redhat.com/browse/UNDERTOW-2598
- kb.cert.org https://kb.cert.org/vuls/id/767506
- kb.cert.org https://www.kb.cert.org/vuls/id/767506
Remediation
No remediation data recorded yet.
Check vendor advisories and the NVD entry for patch availability.