PT-2025-10464 · Apache · Apache Camel

Mark Thorson · Published 2025-03-09 · Updated 2026-06-04 · CVE-2025-27636

CVSS v4.0: 6.3 (Medium)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

Apache Camel versions 3.10.0 through 3.22.3
Apache Camel versions 4.8.0 through 4.8.4
Apache Camel versions 4.9.0 through 4.10.1
Apache Camel versions 4.10.0 through 4.10.1
Apache Camel versions 4.8.0 before 4.8.6
Apache Camel versions 4.10.0 before 4.10.3
Apache Camel versions 3.10.0 before 3.22.4
Apache Camel versions 4.9.0 before 4.10.2
Description

Apache Camel is affected by a bypass/injection vulnerability in its default incoming header filter. The flaw lets an attacker include Camel-specific headers in a request, which can alter the behavior of components such as camel-bean or camel-exec: custom headers injected via HTTP requests may invoke unintended methods or redirect messages to different queues.

The vulnerability stems from a case-sensitive header filtering mechanism that only blocks headers whose names start with exactly "Camel", "camel", or "org.apache.camel."; a Camel-internal header written in any other casing passes the filter unchanged. The camel-undertow component is also vulnerable because of its custom header filter strategy, which only filters the "out" direction and leaves the "in" direction unprotected, so injected headers can manipulate component behavior there as well.

Active exploitation has been observed, with over 126,000 exploitation attempts blocked by Palo Alto Networks in March. The vulnerability is related to CVE-2025-27636 and CVE-2025-30177.

The affected components include camel-activemq, camel-activemq6, camel-amqp, camel-aws2-sqs, camel-azure-servicebus, camel-cxf-rest, camel-cxf-soap, camel-http, camel-jetty, camel-jms, camel-kafka, camel-knative, camel-mail, camel-nats, camel-netty-http, camel-platform-http, camel-rest, camel-sjms, camel-spring-rabbitmq, camel-stomp, camel-tahu, camel-undertow, and camel-xmpp.
Recommendations

Upgrade to version 4.10.2 for 4.10.x LTS.
Upgrade to version 4.8.5 for 4.8.x LTS.
Upgrade to version 3.22.4 for 3.x releases.
Upgrade to version 4.10.3 for 4.10.x LTS.
Upgrade to version 4.8.6 for 4.8.x LTS.
Remove untrusted headers in your Camel routes: use the removeHeaders EIP to filter out unwanted headers before they reach downstream components.
Restrict access to vulnerable components such as camel-bean and camel-exec.
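As an added illustration of the removeHeaders mitigation described above (example code written for this page, not code from the Apache Camel project or from the advisory): a route that strips every Camel-internal header, matched case-insensitively, before the message reaches camel-bean. The OrderService bean, the direct:inbound endpoint and the request headers are constructed for the example.

```java
import java.util.Map;
import org.apache.camel.CamelContext;
import org.apache.camel.ProducerTemplate;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.impl.DefaultCamelContext;

public class StripCamelHeadersRoute extends RouteBuilder {

    // removeHeaders accepts a regex. (?i) makes the match case-insensitive, so any
    // casing of "Camel..." or "org.apache.camel..." is dropped, not only the three
    // exact-case prefixes the vulnerable default filter checked.
    static final String CAMEL_INTERNAL = "(?i)^(camel|org\\.apache\\.camel\\.).*$";

    // Hypothetical bean behind the route; the route intends only submit() to run.
    public static class OrderService {
        public String submit(String id) { return "submitted " + id; }
        public String cancel(String id) { return "cancelled " + id; }
    }

    @Override
    public void configure() {
        // In production the consumer would be the HTTP edge, e.g. from("platform-http:/orders").
        // A direct endpoint is used so the example runs without a listening server.
        from("direct:inbound")
            // Strip caller-supplied Camel-internal headers before any component that
            // reads them (camel-bean, camel-exec, JMS/Kafka producers) sees the message.
            .removeHeaders(CAMEL_INTERNAL)
            .process(e -> System.out.println("headers after filter: " + e.getMessage().getHeaders()))
            .to("bean:orderService?method=submit");
    }

    public static void main(String[] args) throws Exception {
        CamelContext ctx = new DefaultCamelContext();
        ctx.getRegistry().bind("orderService", new OrderService());
        ctx.addRoutes(new StripCamelHeadersRoute());
        ctx.start();
        ProducerTemplate tpl = ctx.createProducerTemplate();
        // Constructed request: a Camel-internal header in unusual casing (which the
        // case-sensitive default filter would let through) next to an ordinary
        // application header. Only X-Request-Id reaches the bean.
        Map<String, Object> headers = Map.of(
                "CAMELBeanMethodName", "cancel",
                "X-Request-Id", "req-0001");
        Object result = tpl.requestBodyAndHeaders("direct:inbound", "order-42", headers);
        System.out.println("bean returned: " + result);
        ctx.stop();
    }
}
```

The same removeHeaders step can be placed directly after the real HTTP consumer (camel-platform-http, camel-jetty, camel-undertow, and so on) on versions that cannot be upgraded immediately; it complements the fixed filter rather than replacing the upgrade.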

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-02723
BDU:2025-03703
CVE-2025-27636
GHSA-2C2H-2855-MF97
GHSA-96V5-C2H5-56HM
GHSA-VQ4P-PCHP-6G6V

Affected Products

Apache Camel