CVE-2025-12543 in undertow-core-2.3.20.SP4-redhat-00001


Blyfycyfyfyf

Mar 2, 2026, 7:11:17 AM
to Undertow Dev
Hi,

Some time ago Red Hat released the JBOSS 8.1.4 security package to address the CVE-2025-12543 vulnerability in Undertow. The patched Undertow version is undertow-core-2.3.20.SP4-redhat-00001. But security scanners still mark this version as vulnerable, because according to this:

https://github.com/advisories/GHSA-j382-5jj3-vw4j

The patched version is 2.3.21.Final. But version undertow-core-2.3.20.SP4-redhat-00001 is also patched; as I understand, version undertow-core-2.3.20.SP4-redhat-00001 is patched as well and this is a false positive in security scanners?

Thanks,

Wojciech

Bartosz Baranowski

Mar 30, 2026, 6:26:47 AM
to Blyfycyfyfyf, Undertow Dev
All requests/questions ABOUT enterprise projects should be directed at https://access.redhat.com and handled via CEE/GSS.


--

"With the first link, the chain is forged. The first speech censured, the first thought forbidden, the first freedom denied, chains us all irrevocably."

Bartosz Baranowski
IBM R&D
