6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-30177

GHSA ID

GHSA-vq4p-pchp-6g6v

EPSS Score

0.32643%

CWE

CWE-164

Published

4/1/2025

Updated

4/1/2025

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-30177

CVE-2025-30177: Apache Camel Missing Header Out Filter Leads to Potential Bypass/Injection Vulnerability

Bypass/Injection vulnerability in Apache Camel in Camel-Undertow component under particular conditions.

This issue affects Apache Camel: from 4.10.0 before 4.10.3, from 4.8.0 before 4.8.6.

Users are recommended to upgrade to version 4.10.3 for 4.10.x LTS and 4.8.6 for 4.8.x LTS.

Camel undertow component is vulnerable to Camel message header injection, in particular the custom header filter strategy used by the component only filter the "out" direction, while it doesn't filter the "in" direction.

This allows an attacker to include Camel specific headers that for some Camel components can alter the behaviour such as the camel-bean component, or the camel-exec component.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-30177

CVE-2025-30177:

6.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-30177

GHSA ID

GHSA-vq4p-pchp-6g6v

EPSS Score

0.32643%

CWE

CWE-164

Published

4/1/2025

Updated

4/1/2025

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.camel:camel-undertow	maven	>= 4.10.0, < 4.10.3	4.10.3
org.apache.camel:camel-undertow	maven	>= 4.8.0, < 4.8.6	4.8.6

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The security patch adds inbound header filtering to UndertowHeaderFilterStrategy.initialize(). The vulnerability stemmed from this method only setting OUT filter patterns (CAMEL_FILTER_STARTS_WITH) while neglecting IN filters. This allowed malicious headers to bypass validation during request processing. The initialize() method is the root configuration point for header filtering strategies, making it the key vulnerable function visible in component initialization stack traces.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

6.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-30177: Apache Camel Missing Header Out Filter Leads to Potential Bypass/Injection Vulnerability

CVE-2025-30177:

6.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2025-30177: Apache Camel Missing Header Out Filter Leads to Potential Bypass/Injection Vulnerability

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

6.5

6.5

Technical Details

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI