Summary: A critical vulnerability, CVE-2025-29891, has been identified in Apache Camel that may enable attackers to inject harmful headers, thereby altering application behavior. This vulnerability primarily affects various HTTP components of Apache Camel and demands immediate corrective action from developers. Users are urged to upgrade to the patched versions to safeguard their applications from potential exploitation.
Affected: Apache Camel
Key points:
- Severity level: High
- Vulnerability allows message header injection through HTTP request parameters.
- Affects the default incoming header filter, which in turn influences the behavior of components such as camel-bean and camel-exec that act on message headers.
- Impacts several widely used components, including camel-servlet, camel-jetty, camel-undertow, camel-platform-http, and camel-netty-http.
- Users are strongly advised to upgrade to patched versions: 3.22.4, 4.8.5, and 4.10.2.
- Recommended additional protection includes using the removeHeaders Enterprise Integration Pattern (EIP) to filter suspicious headers.
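The removeHeaders mitigation in Camel's Java DSL, as an added example that is not part of the advisory or of the Apache Camel project; the endpoint path, bean name and retained header names are assumptions chosen for illustration:

```java
import org.apache.camel.builder.RouteBuilder;

/**
 * Defensive route (added example, not from the advisory): strip inbound
 * headers before the message reaches header-sensitive components such as
 * camel-bean or camel-exec, so that headers injected via the HTTP request
 * cannot steer their behaviour.
 */
public class HardenedHttpRoute extends RouteBuilder {

    @Override
    public void configure() {
        // Hypothetical endpoint and bean; replace with the application's own.
        from("platform-http:/orders")
            // First pass: drop every header with a Camel-internal prefix that
            // arrived from the client; the framework sets these itself later.
            .removeHeaders("Camel*")
            // Second pass (allow-list): drop everything else except the few
            // headers this route genuinely needs. Everything not listed is
            // removed, whatever its casing or prefix.
            .removeHeaders("*", "Content-Type", "X-Request-Id")
            .to("bean:orderService?method=handle");
    }
}
```

Placing the removeHeaders steps directly after the from() endpoint keeps the allow-list in one place per route and makes it easy to audit which external headers can reach downstream components.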