AI description
CVE-2025-29891 is a bypass/injection vulnerability that affects Apache Camel versions 4.10.0 before 4.10.2, 4.8.0 before 4.8.5, and 3.10.0 before 3.22.4. It exists in Camel's default incoming header filter, which allows attackers to include Camel-specific headers that can alter the behavior of certain Camel components, such as camel-bean or camel-exec. This vulnerability can be exploited if Camel applications are directly connected to the internet via HTTP. An attacker can include parameters in HTTP requests, either as request parameters or within the request payload, which are then translated into headers. Due to incorrect case-sensitive filtering, attackers can bypass the intended header restrictions by altering the casing of the header names (e.g., using "CAmelExecCommandExecutable" instead of "CamelExecCommandExecutable"). This allows the injection of arbitrary headers, potentially leading to the execution of internal Camel methods.
- Description
- Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel: from 4.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases. This vulnerability is present in Camel's default incoming header filter, that allows an attacker to include Camel specific headers that for some Camel components can alter the behaviours such as the camel-bean component, or the camel-exec component. If you have Camel applications that are directly connected to the internet via HTTP, then an attacker could include parameters in the HTTP requests that are sent to the Camel application that get translated into headers. The headers could be both provided as request parameters for an HTTP methods invocation or as part of the payload of the HTTP methods invocation. All the known Camel HTTP component such as camel-servlet, camel-jetty, camel-undertow, camel-platform-http, and camel-netty-http would be vulnerable out of the box. This CVE is related to the CVE-2025-27636: while they have the same root cause and are fixed with the same fix, CVE-2025-27636 was assumed to only be exploitable if an attacker could add malicious HTTP headers, while we have now determined that it is also exploitable via HTTP parameters. Like in CVE-2025-27636, exploitation is only possible if the Camel route uses particular vulnerable components.
- Source
- security@apache.org
- NVD status
- Analyzed
- Products
- camel
CVSS 3.1
- Type
- Secondary
- Base score
- 4.8
- Impact score
- 2.5
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
- Severity
- MEDIUM
- security@apache.org
- CWE-164
- Hype score
- Not currently trending
Dragon Drop: NEW Releases 🚨🐉 🛡️ New GRC modules: → Cyber Compliance In Practice: https://t.co/U1cIrvaryZ → AI and Emerging Cyber GRC Trends: https://t.co/2towA6R4m8 🪲 New CVE labs: → CVE-2025-46191: https://t.co/7sXbgV6WAa → CVE-2025-29891: https://t.co/16
@offsectraining
14 Aug 2025
2368 Impressions
0 Retweets
7 Likes
3 Bookmarks
0 Replies
0 Quotes
CVE-2025-29891 – #Apache #Camel #Exploit via #CAmelExecCommandArgs #Header_Injection https://t.co/2HKRoLrid2 https://t.co/b47rn23uxP
@omvapt
9 Aug 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Deep Dive: CVE-2025-29891 (Apache Camel Header Injection) ⚠️ CVSS 4.8 | EPSS 0.24% See how the exploit works and how to secure your routes!
@offsectraining
8 Aug 2025
2981 Impressions
4 Retweets
17 Likes
6 Bookmarks
1 Reply
0 Quotes
Deep Dive: CVE-2025-29891 (Apache Camel Header Injection) ⚠️ CVSS 4.8 | EPSS 0.24% See how the exploit works and how to secure your routes: https://t.co/1tSOzRlTBL
@offsectraining
8 Aug 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-29891 – Apache Camel Exploit via CAmelExecCommandArgs Header Injection https://t.co/aB2fWr3aUr
@evanderburg
8 Aug 2025
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-29891 – Apache Camel Exploit via CAmelExecCommandArgs Header Injection https://t.co/Ex3sNiPKrV
@DemolisherDigi
8 Aug 2025
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
This article delves into security risks posed by unpatched Apache Tomcat and Camel instances. We present an in-depth analysis of CVE-2025-24813 and CVE-2025-27636 and CVE-2025-29891 as well as findings from our telemetry (including exploit payloads). https://t.co/FogfF5t2xU https
@Unit42_Intel
15 Jul 2025
4223 Impressions
22 Retweets
62 Likes
14 Bookmarks
0 Replies
0 Quotes
【脆弱性分析】Apacheが提供する主要製品に深刻な脆弱性が相次いで発見された。TomcatのCVE-2025-24813と、CamelのCVE-2025-27636、CVE-2025-29891の3つが2025年3月に公開され、いずれもリモートコード実行を可能にする。 Tom
@nakajimeeee
5 Jul 2025
264 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#threatreport #LowCompleteness Apache Under the Lens: Tomcats Partial PUT and Camels Header Hijack | 04-07-2025 Source: https://t.co/SrPVxXbswl Key details below ↓ 🧑💻Actors/Campaigns: Atlas_lion 🎯Victims: Apache tomcat users, Apache camel users 🔓CVEs: CVE-2025
@rst_cloud
5 Jul 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
"Apache disclosed critical RCE bugs: CVE-2025-24813 in Tomcat, CVE-2025-27636 & CVE-2025-29891 in Camel. Millions of developers at risk. Patch ASAP."
@Tudorel92659164
4 Jul 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerabilities in Apache Tomcat (CVE-2025-24813) & Camel (CVE-2025-27636, CVE-2025-29891) exposed millions to remote code execution. Widespread scans and exploits highlight the urgent need for patches. 🚨 #SecurityAlert #OpenSource #UK https://t.co/Tp9rRTLiPD
@TweetThreatNews
3 Jul 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Attention all security professionals and IT leaders! Apache Camel vulnerabilities (CVE-2025-27636 and CVE-2025-29891) patched three weeks ago can still pose a significant risk if not addressed properly.
@fynn_JourX
2 Apr 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Apache Camel Exploit Attempt by Vulnerability Scan (CVE-2025-27636, CVE-2025-29891) https://t.co/TsVyvm5Mq8 https://t.co/EuAX5I4DRa
@sans_isc
31 Mar 2025
1440 Impressions
1 Retweet
7 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-29891 - Bypass/Injection vulnerability in Apache Camel https://t.co/IrjZqtmzgx https://t.co/fOLZR5oKwI
@SirajD_Official
27 Mar 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-29891 impacts Apache Camel #ApacheCamel #CVE-2025-29891 https://t.co/gLwLiX2wYK
@pravin_karthik
19 Mar 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alleged disclosure of Apache Camel CVE-2025–27636 & CVE-2025-29891 affecting versions 4.10.0-4.10.1, 4.8.0-4.8.4, 3.10.0-3.22.3 https://t.co/ClAgJhhFEX
@DarkWebInformer
13 Mar 2025
2300 Impressions
0 Retweets
8 Likes
2 Bookmarks
0 Replies
0 Quotes
PoC para Apache Camel ⚠️ CVE-2025–27636 ⚠️ CVE-2025-29891 https://t.co/DEermvnCjQ https://t.co/fp4hCE1IEG
@elhackernet
12 Mar 2025
2558 Impressions
2 Retweets
6 Likes
2 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F955C7FA-20EE-44FC-BB7F-2734A731A9DC",
"versionEndExcluding": "3.22.4",
"versionStartIncluding": "3.10.0"
},
{
"criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "15914F75-761B-40AD-8489-EA92699F3741",
"versionEndExcluding": "4.8.5",
"versionStartIncluding": "4.8.0"
},
{
"criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB496A7D-7E5D-48DA-B49F-4494B7369026",
"versionEndExcluding": "4.10.2",
"versionStartIncluding": "4.10.0"
}
],
"operator": "OR"
}
]
}
]