Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.6 for Spring Boot release.
Red Hat has released a security advisory for the Red Hat build of Apache Camel 4.10.6 for Spring Boot addressing vulnerabilities in HTTP/2 implementations. The vulnerabilities, identified as CVE-2025-5115 and CVE-2025-55163, involve a design flaw in HTTP/2 control frames that can be exploited to cause denial-of-service (DoS) attacks, known as the "MadeYouReset" attack. These affect components including jetty-http2-client, jetty-http2-server, and netty-codec-http2. The advisory provides a patch release to fix these issues.
AI Analysis
Technical Summary
The Red Hat build of Apache Camel 4.10.6 for Spring Boot includes fixes for two related vulnerabilities: CVE-2025-5115 and CVE-2025-55163. Both vulnerabilities stem from a design flaw in HTTP/2 protocol handling, specifically in control frames, which can be exploited to launch "MadeYouReset" denial-of-service attacks. Affected components include multiple jetty HTTP/2 modules and the netty HTTP/2 codec. Red Hat has issued a patch release (4.10.6) for Apache Camel for Spring Boot to address these issues. The advisory emphasizes applying this update after all previously released errata have been applied.
Potential Impact
Successful exploitation of the HTTP/2 control-frame handling flaws allows an attacker to create a denial-of-service condition. This can disrupt services that rely on the affected HTTP/2 implementations, impacting availability. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
A patch release for Red Hat build of Apache Camel 4.10.6 for Spring Boot is available and should be applied to remediate these vulnerabilities. Before applying this update, ensure all previously released errata relevant to your system have been installed. Refer to Red Hat's official update guidance at https://access.redhat.com/articles/11258 for detailed instructions. No additional mitigations are specified by the vendor advisory.
Technical Details
- Gcve Source: db.gcve.eu
- Csaf Category: csaf_security_advisory
- Csaf Version: 2.0
- Publisher: Red Hat Product Security
- Advisory Id: RHSA-2025:14911
- Cve Count: 2
- Additional Cves: ["CVE-2025-55163"]
- Cvss Version: null
Threat ID: 6a294d7f8dd33fbd853ac8a4
Added to database: 6/10/2026, 11:41:51 AM
Last enriched: 6/10/2026, 12:01:19 PM
Last updated: 6/10/2026, 2:17:00 PM