Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.3 for Spring Boot patch release.
Red Hat build of Apache Camel 4.10.3 for Spring Boot patch release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Security Fix(es): * jetty-server: Jetty: Gzip Request Body Buffer Corruption (CVE-2024-13009) * commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default (CVE-2025-48734) * postgresql: pgjdbc insecure authentication in channel binding (CVE-2025-49146)
AI Analysis
Technical Summary
This Red Hat security advisory (RHSA-2025:9697) announces a patch release for Red Hat build of Apache Camel 4.10.3 for Spring Boot that addresses three security vulnerabilities: CVE-2024-13009 in jetty-server involving gzip request body buffer corruption, CVE-2025-48734 in Apache Commons BeanUtils where PropertyUtilsBean fails to suppress an enum's declaredClass property by default, and CVE-2025-49146 in PostgreSQL JDBC involving insecure authentication in channel binding. The advisory rates the update as important and recommends applying the patch after ensuring all previous errata are applied. The advisory does not provide CVSS scores but references CVE links for detailed severity ratings.
Potential Impact
The vulnerabilities fixed include a buffer corruption issue in Jetty server that could lead to memory corruption or denial of service, a property suppression flaw in Apache Commons BeanUtils that may affect security controls relying on property filtering, and an insecure authentication mechanism in PostgreSQL JDBC channel binding that could weaken authentication security. These issues collectively pose a high security risk if left unpatched, potentially allowing attackers to exploit memory corruption, bypass security controls, or compromise authentication.
Mitigation Recommendations
A patch release for Red Hat build of Apache Camel 4.10.3 for Spring Boot is available that addresses these vulnerabilities. Users should apply this update after ensuring all previously released relevant errata have been applied. Refer to the official Red Hat advisory RHSA-2025:9697 and the update instructions at https://access.redhat.com/articles/11258 for detailed patching guidance.
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.3 for Spring Boot patch release.
Description
Red Hat build of Apache Camel 4.10.3 for Spring Boot patch release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Security Fix(es): * jetty-server: Jetty: Gzip Request Body Buffer Corruption (CVE-2024-13009) * commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default (CVE-2025-48734) * postgresql: pgjdbc insecure authentication in channel binding (CVE-2025-49146)
Affected software
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This Red Hat security advisory (RHSA-2025:9697) announces a patch release for Red Hat build of Apache Camel 4.10.3 for Spring Boot that addresses three security vulnerabilities: CVE-2024-13009 in jetty-server involving gzip request body buffer corruption, CVE-2025-48734 in Apache Commons BeanUtils where PropertyUtilsBean fails to suppress an enum's declaredClass property by default, and CVE-2025-49146 in PostgreSQL JDBC involving insecure authentication in channel binding. The advisory rates the update as important and recommends applying the patch after ensuring all previous errata are applied. The advisory does not provide CVSS scores but references CVE links for detailed severity ratings.
Potential Impact
The vulnerabilities fixed include a buffer corruption issue in Jetty server that could lead to memory corruption or denial of service, a property suppression flaw in Apache Commons BeanUtils that may affect security controls relying on property filtering, and an insecure authentication mechanism in PostgreSQL JDBC channel binding that could weaken authentication security. These issues collectively pose a high security risk if left unpatched, potentially allowing attackers to exploit memory corruption, bypass security controls, or compromise authentication.
Mitigation Recommendations
A patch release for Red Hat build of Apache Camel 4.10.3 for Spring Boot is available that addresses these vulnerabilities. Users should apply this update after ensuring all previously released relevant errata have been applied. Refer to the official Red Hat advisory RHSA-2025:9697 and the update instructions at https://access.redhat.com/articles/11258 for detailed patching guidance.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:9697
- Cve Count
- 3
- Additional Cves
- ["CVE-2025-48734","CVE-2025-49146"]
- Cvss Version
- null
Threat ID: 6a294d7a8dd33fbd853abccb
Added to database: 6/10/2026, 11:41:46 AM
Last enriched: 6/10/2026, 11:58:16 AM
Last updated: 6/10/2026, 2:57:25 PM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.