What is CVE-2025-29891?

CVE-2025-29891 is a vulnerability in Apache Software Foundation Camel, classified under CWE-164. Published 2025-03-12.

Is CVE-2025-29891 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Software Foundation Camel

CVE-2025-29891

Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel: from 4.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for…

EPSS: 0.718 (99.3th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Camel — versions 4.10.0, 4.8.0, 3.10.0

Weakness classification (CWE)

CWE-164

Public proof-of-concept exploits

Ostorlab/KEV
abhas9/cve-default-exploitability
fkie-cad/nvd-json-data-feeds
tanjiti/sec_

References

camel.apache.org/security/CVE-2025-27636.html (related)
camel.apache.org/security/CVE-2025-29891.html (vendor-advisory)

Frequently asked questions

What is CVE-2025-29891?: CVE-2025-29891 is a vulnerability in Apache Software Foundation Camel, classified under CWE-164. Published 2025-03-12.
Is CVE-2025-29891 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.