CNVD-2025-05169
PUBLISHED
CVSS 5.6 MEDIUM
Apache Camel is an open-source integration framework from the Apache Software Foundation, built on the Enterprise Integration Patterns (EIP). The framework implements the enterprise integration patterns as plain Java objects (POJOs) and lets routing and mediation rules be configured through an application programming interface. Apache Camel contains an arbitrary command execution vulnerability caused by improper handling of request-header case: an attacker can send a specially formatted header (for example "CAmelExecCommandExecutable" instead of "CamelExecCommandExecutable") to bypass the security filter, override the predefined command, and achieve arbitrary command execution.
Risk Scores
CVSS 3.1
5.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache Camel | 4.10.0, 4.8.0, 3.10.0 |
Exploit Intelligence
- enochgitgamefied/CVE-2025-27636-Practical-Lab (github-poc)
- akamai/CVE-2025-27636-Apache-Camel-PoC (github-poc)
- https://github.com/akamai/CVE-2025-27636-Apache-Camel-PoC/blob/main/src/main/java/com/example/camel/VulnerableCamel.java (circl)
- https://camel.apache.org/security/CVE-2025-27636.txt.asc (circl)
- http://www.openwall.com/lists/oss-security/2025/03/09/1 (circl)
- https://lists.apache.org/thread/l3zcg3vts88bmc7w8172wkgw610y693z (circl)
- https://issues.apache.org/jira/browse/CAMEL-21828 (circl)
- https://camel.apache.org/security/CVE-2025-27636.html (circl)
…and 46 more exploits
Timeline
- Mar 9, 2025 CVE Published
- Mar 9, 2025 PoC Published
- Mar 9, 2025 PoC Published
- Mar 9, 2025 PoC Published
- Mar 9, 2025 PoC Published
- Mar 9, 2025 PoC Published
- Mar 9, 2025 PoC Published
- Mar 10, 2025 PoC Published
- Mar 10, 2025 PoC Published
- Mar 10, 2025 PoC Published
- Mar 10, 2025 PoC Published
- Mar 10, 2025 PoC Published
References
- https://lists.apache.org/thread/l3zcg3vts88bmc7w8172wkgw610y693z vendor-advisory
- https://issues.apache.org/jira/browse/CAMEL-21828 issue
- https://camel.apache.org/security/CVE-2025-27636.html vendor-advisory
- http://www.openwall.com/lists/oss-security/2025/03/09/1 url
- https://github.com/akamai/CVE-2025-27636-Apache-Camel-PoC/blob/main/src/main/java/com/example/camel/VulnerableCamel.java exploit
- https://camel.apache.org/security/CVE-2025-27636.txt.asc vendor-advisory