Vulnerability Monitor

CVE-2025-9784


A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).


Published

2025-09-02T14:15:36.593

Last Modified

2025-09-24T14:15:52.033

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-770
  • Type: Secondary
    CWE-404

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | redhat | build_of_apache_camel_for_spring_boot | - | Yes |
| Application | redhat | fuse | 7.0.0 | Yes |
| Application | redhat | jboss_enterprise_application_platform | 7.0.0 | Yes |
| Application | redhat | jboss_enterprise_application_platform | 8.0.0 | Yes |
| Application | redhat | jboss_enterprise_application_platform_expansion_pack | - | Yes |
| Application | redhat | process_automation | 7.0 | Yes |
| Application | redhat | single_sign-on | 7.0 | Yes |
| Application | redhat | undertow | - | Yes |
| Operating System | redhat | enterprise_linux | 8.0 | Yes |
| Operating System | redhat | enterprise_linux | 9.0 | Yes |

References