CVE-2025-9784
27 views
Skip to first unread message
Loca4368
Oct 13, 2025, 7:59:16 PM (5 days ago) Oct 13
to WildFly
Hi WildFly team,
We are currently on WF 37.0.1.Final, and have CVE-2025-9784 reported against undertow-core-2.3.18.Final.jar. And this version is shipped in the 38.0.0.Beta version as well.
Is WF 37.0.1.Final vulnerable to CVE-2025-9784?
If so, is there a plan to address this?
Any help/info would be appreciated.
Thanks,
Ming
Bryan Mulkey
Oct 13, 2025, 10:15:09 PM (4 days ago) Oct 13
to Loca4368, WildFly
Yes, undertow-2.3.20.Final has been released and fixes this CVE. https://newreleases.io/project/github/undertow-io/undertow/release/2.3.20.Final.
Also see https://github.com/undertow-io/undertow/pull/1778
-Bryan
Also see https://github.com/undertow-io/undertow/pull/1778
-Bryan
--
You received this message because you are subscribed to the Google Groups "WildFly" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wildfly+u...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/wildfly/CAAU4j17r_nm_tW_yFAZCyBRfBz-r8_5EzVfNNZoffAzOwxnWuA%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages