This advisory covers a patch release for Red Hat Build of Apache Camel 4.14.2 for Spring Boot that addresses three security vulnerabilities: CVE-2025-9784, an HTTP/2 DDoS vulnerability in undertow-core; CVE-2025-66516, an expanded scope update for Apache Tika core and its PDF parser module; and CVE-2025-48924, an uncontrolled recursion vulnerability in Apache Commons Lang. The update is classified as critical by Red Hat and is intended to mitigate these issues by applying the provided patch. The advisory references Red Hat's errata RHSA-2025:23143 and instructs users to apply this update after previously released errata. No CVSS scores are provided, but the severity is assessed as critical based on Red Hat's classification and the nature of the vulnerabilities.

The vulnerabilities addressed include a critical HTTP/2 DDoS vulnerability that could be exploited to disrupt service availability, an expanded scope of affected artifacts in Apache Tika that may lead to parsing-related security issues, and an uncontrolled recursion flaw that could cause denial of service or other impacts. These issues collectively pose a significant risk to affected systems running the Red Hat Build of Apache Camel 4.14.2 for Spring Boot if left unpatched. No known exploits in the wild have been reported, but the critical rating indicates potential for serious impact.

A patch release is available from Red Hat as part of the Red Hat Build of Apache Camel 4.14.2 for Spring Boot update. Users should apply this update promptly after ensuring all previously released relevant errata have been installed. Detailed instructions for applying the update are available at Red Hat's official documentation (https://access.redhat.com/articles/11258). No additional mitigation steps are indicated by the vendor advisory.