CVE-2025-12543 in undertow-core-2.3.20.SP4-redhat-00001


Blyfycyfyfyf

Mar 2, 2026, 7:11:17 AM
to Undertow Dev
Hi,

Some time ago Red Hat released the JBOSS 8.1.4 security package to address the CVE-2025-12543 vulnerability in Undertow. The patched Undertow version is undertow-core-2.3.20.SP4-redhat-00001. But security scanners still mark this version as vulnerable - because according to this:

https://github.com/advisories/GHSA-j382-5jj3-vw4j

The patched version is 2.3.21.Final. But version undertow-core-2.3.20.SP4-redhat-00001 is also patched; as I understand version undertow-core-2.3.20.SP4-redhat-00001 is patched as well and this is a false positive in security scanners?

Thanks,

Wojciech
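
The situation described in the post, as an added example that is not part of the original message: a scanner that compares only the numeric version against the advisory's fixed version flags the vendor build, and a triage step that consults vendor backport data reclassifies it. The `VENDOR_BACKPORTS` table, the status strings and the simplified comparison are assumptions for illustration; the table entry reflects the poster's statement, not independently verified data.

```python
import re

# Values from the post: the advisory's fixed version and the installed vendor build.
ADVISORY_FIXED = "2.3.21.Final"
INSTALLED = "2.3.20.SP4-redhat-00001"

# Assumption: a locally maintained map of CVE -> vendor builds that the vendor's
# own advisory states carry a backported fix (entry taken from the post).
VENDOR_BACKPORTS = {"CVE-2025-12543": {"2.3.20.SP4-redhat-00001"}}


def numeric_core(version, width=4):
    """Leading dotted numeric part, zero-padded: '2.3.20.SP4-...' -> (2, 3, 20, 0)."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if not m:
        raise ValueError(f"no numeric version prefix in {version!r}")
    parts = [int(p) for p in m.group().split(".")][:width]
    return tuple(parts + [0] * (width - len(parts)))


def range_match(installed, fixed):
    """Simplified scanner logic (not Maven's full ordering): flag anything below 'fixed'."""
    return numeric_core(installed) < numeric_core(fixed)


def is_vendor_build(version):
    """True for versions carrying a '-redhat-NNNNN' rebuild suffix."""
    return re.search(r"[.-]redhat-\d+$", version) is not None


def triage(cve, installed, fixed):
    """Classify a scanner finding instead of trusting the raw range match."""
    if not range_match(installed, fixed):
        return "not-affected"
    if installed in VENDOR_BACKPORTS.get(cve, set()):
        return "vendor-backport-fixed"        # suppress, citing the vendor advisory
    if is_vendor_build(installed):
        return "needs-vendor-advisory-check"  # range data cannot decide this case
    return "affected"


if __name__ == "__main__":
    print(range_match(INSTALLED, ADVISORY_FIXED))           # raw scanner verdict
    print(triage("CVE-2025-12543", INSTALLED, ADVISORY_FIXED))
```

A suppression recorded this way should reference the vendor's advisory for the exact build, so the finding reappears if the build on disk changes.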