CVE-2025-9784
HIGHDescription
A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
Is your site exposed to CVE-2025-9784?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| redhat | build_of_apache_camel_for_spring_boot |
| redhat | fuse |
| redhat | jboss_enterprise_application_platform |
| redhat | jboss_enterprise_application_platform |
| redhat | jboss_enterprise_application_platform_expansion_pack |
| redhat | process_automation |
| redhat | single_sign-on |
| redhat | undertow |
| redhat | enterprise_linux |
| redhat | enterprise_linux |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2025-9784? +
How severe is CVE-2025-9784? +
What products are affected by CVE-2025-9784? +
How do I check if I'm vulnerable to CVE-2025-9784? +
Related Vulnerabilities
mcp-framework is a framework for building Model Context Protocol (MCP) servers. In versions 0.2.21 and below, the readRequestBody() function in …
spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser …
Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. …
Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion …
Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plug_cowboy allows unauthenticated remote denial of service via atom table …
An Allocation of Resources Without Limits or Throttling vulnerability in the operating system network configuration used in B&R APROL <4.4-00P5 …