CVE-2025-29891
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Summary
CVE-2025-29891 is a bypass/injection vulnerability impacting Apache Camel versions 4.10.0 to 4.10.1, 4.8.0 to 4.8.4, and 3.10.0 to 3.22.3. This issue is located in Camel's default incoming header filter, which allows attackers to manipulate Camel-specific headers. By sending malicious headers or parameters in HTTP requests, an attacker could potentially alter the behavior of components such as camel-bean or camel-exec. All Camel HTTP components, including camel-servlet, camel-jetty, camel-undertow, camel-platform-http, and camel-netty-http, are susceptible to this vulnerability. While similar to CVE-2025-27636, this CVE expands the attack surface as it also allows exploitation via HTTP parameters, not just headers. Exploitation requires the use of specific vulnerable components in the Camel route.
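A detection-side illustration of the summary above, added here as an example and not taken from Apache Camel or from this page: it screens a raw HTTP request for Camel-style names in headers and also in query and form parameters, the extra surface this CVE adds over CVE-2025-27636. The prefix list, the function names and the sample requests (including the made-up name `CamelPlaceholder`) are assumptions constructed for the example.

```python
from urllib.parse import parse_qsl, urlsplit

# Assumption: a "Camel-specific" name is one that starts with one of these
# prefixes. HTTP header names are case-insensitive, so compare in lower case.
CAMEL_PREFIXES = ("camel", "org.apache.camel.")

# Constructed sample requests; "CamelPlaceholder" is not a real Camel header.
SAMPLES = {
    "clean": "GET /orders?id=7 HTTP/1.1\r\nHost: app.example\r\n\r\n",
    "header": "GET /orders HTTP/1.1\r\nHost: app.example\r\ncamelplaceholder: x\r\n\r\n",
    "query": "GET /orders?id=7&CamelPlaceholder=x HTTP/1.1\r\nHost: app.example\r\n\r\n",
    "form": ("POST /orders HTTP/1.1\r\nHost: app.example\r\n"
             "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
             "id=7&CamelPlaceholder=x"),
}


def is_camel_name(name: str) -> bool:
    # Prefix match only, so an unrelated name such as "Camelot" is also
    # flagged; treat findings as leads to review, not verdicts.
    return name.strip().lower().startswith(CAMEL_PREFIXES)


def find_camel_inputs(raw_request: str) -> list[tuple[str, str]]:
    """Return (location, name) for each Camel-style name in a raw request."""
    head, _, body = raw_request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    findings = []
    content_type = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "content-type":
            content_type = value.strip().lower()
        if is_camel_name(name):
            findings.append(("header", name.strip()))
    # Parameters matter as much as headers for this CVE: check the query string.
    for name, _ in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if is_camel_name(name):
            findings.append(("query", name))
    # Form-encoded bodies carry parameters too.
    if content_type.startswith("application/x-www-form-urlencoded"):
        for name, _ in parse_qsl(body, keep_blank_values=True):
            if is_camel_name(name):
                findings.append(("form", name))
    return findings


if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, find_camel_inputs(request))
```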
Affected Vendors
- Apache Software Foundation
- Apache Corporation