What is CVE-2025-30177?

CVE-2025-30177 is a vulnerability in Apache Software Foundation Camel, classified under CWE-164. Published 2025-04-01.

Is CVE-2025-30177 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Software Foundation Camel

CVE-2025-30177

Bypass/Injection vulnerability in Apache Camel in Camel-Undertow component under particular conditions. This issue affects Apache Camel: from 4.10.0 before 4.10.3, from 4.8.0 before 4.8.6. Users are recommended to upgrade to version 4.10…

EPSS: 0.009 (54.2th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Camel — versions 4.10.0, 4.8.0

Weakness classification (CWE)

CWE-164

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

camel.apache.org/security/CVE-2025-27636.html (related)
camel.apache.org/security/CVE-2025-29891.html (related)
lists.apache.org/thread/dj79zdgw01j337lr9gvyy4sv8xfyw8py (vendor-advisory)

Frequently asked questions

What is CVE-2025-30177?: CVE-2025-30177 is a vulnerability in Apache Software Foundation Camel, classified under CWE-164. Published 2025-04-01.
Is CVE-2025-30177 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.