CVE-2025-9784

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2025-9784

Severity

7.5

High

CVSS V3

Description

A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).

References

https://images.chainguard.dev/security/CGA-rmw2-7xf4-xp94
https://github.com/advisories/GHSA-95h4-w6j8-2rp8
https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final
https://issues.redhat.com/browse/UNDERTOW-2598
https://www.kb.cert.org/vuls/id/767506
https://access.redhat.com/security/cve/CVE-2025-9784
https://bugzilla.redhat.com/show_bug.cgi?id=2392306
https://github.com/undertow-io/undertow/pull/1778

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2025-9784

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company