VDB
CVE-2025-9784
CVE-2025-9784
PUBLISHED
CVSS 7.5 HIGH
Undertow MadeYouReset HTTP/2 DDoS Vulnerability
EPSS 2.23% · 84.9th percentile
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
2.23%
84.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7 | 0:2.2.39-1.Final_redhat_00001.1.el7eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 | 0:2.5.0-1.redhat_00001.1.el9eap |
| redhat | jboss_enterprise_application_platform | 8.0.0, 7.0.0 |
| Maven | io.undertow:undertow-core | 0, 2.3.0.Alpha1 |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | * |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9 | 0:7.4.24-4.GA_redhat_00002.1.el9eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7.4 | |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | 0:33.0.0-2.jre_redhat_00003.1.el9eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | |
| redhat | fuse | 7.0.0 |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 | 0:4.0.10-1.redhat_00001.1.el9eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 | 0:801.3.0-1.GA_redhat_00001.1.el8eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | 0:2.0.2-1.Final_redhat_00001.1.el8eap |
| redhat | single_sign-on | 7.0 |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 | 0:6.6.36-1.Final_redhat_00001.1.el8eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 | 0:1.0.1-3.redhat_00003.1.el9eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9 | 0:2.6.6-1.Final_redhat_00001.1.el9eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8 | 0:8.1.3-4.GA_redhat_00006.1.el8eap |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9 | * |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8 | 0:1.0.0-3.redhat_00009.1.el8eap |
…and 49 more
Exploit Intelligence
- drackyjr/CVE-2025-9784 (github-poc)
- drackyjr/CVE-2025-9784 (github-poc)
- drackyjr/CVE-2025-9784 (github-poc)
- drackyjr/CVE-2025-9784 (github-poc)
- drackyjr/CVE-2025-9784 (github-poc)
- drackyjr/CVE-2025-9784 (github-poc)
- drackyjr/CVE-2025-9784 (github-poc)
- drackyjr/CVE-2025-9784 (github-poc)
- drackyjr/CVE-2025-9784 (github-poc)
- CIRCL seen: CVE-2025-9784 (circl-sighting)
…and 18 more exploits
Timeline
- Sep 2, 2025 CVE Published
- Sep 3, 2025 EPSS Score
- Sep 5, 2025 PoC Published
- Sep 11, 2025 EPSS Score
- Sep 18, 2025 EPSS Score
- Oct 3, 2025 EPSS Score
- Oct 11, 2025 EPSS Score
- Oct 18, 2025 EPSS Score
- Oct 26, 2025 EPSS Score
- Nov 2, 2025 EPSS Score
- Nov 10, 2025 EPSS Score
- Nov 25, 2025 EPSS Score
References
- RHSA-2025:23143 vendor-advisory
- RHSA-2026:0383 vendor-advisory
- RHSA-2026:0384 vendor-advisory
- RHSA-2026:0386 vendor-advisory
- RHSA-2026:3889 vendor-advisory
- RHSA-2026:3891 vendor-advisory
- RHSA-2026:3892 vendor-advisory
- RHSA-2026:4915 vendor-advisory
- RHSA-2026:4916 vendor-advisory
- RHSA-2026:4917 vendor-advisory
- RHSA-2026:4924 vendor-advisory
- https://access.redhat.com/security/cve/CVE-2025-9784 vdb
- RHBZ#2392306 issue
- https://github.com/undertow-io/undertow/pull/1778 url
- https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final url
- https://issues.redhat.com/browse/UNDERTOW-2598 url
- https://kb.cert.org/vuls/id/767506 url
- https://www.kb.cert.org/vuls/id/767506 url
- https://nvd.nist.gov/vuln/detail/CVE-2025-9784 advisory
- https://github.com/undertow-io/undertow/pull/1805 url
…and 4 more