Vulnerability in Apache Software Foundation Camel

CVE-2025-27636

Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through 4.10.1, from 4.8.0 through 4.8.4, from 3.10.0 through 3.22.3. Users are recommended to u…

EPSS: 0.521 (98.0th percentile)

Frequently asked questions

What is CVE-2025-27636?
CVE-2025-27636 is a vulnerability in Apache Software Foundation Camel. Published 2025-03-09.

Is CVE-2025-27636 known to be exploited?
12 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.