Is org.apache.camel:camel-support affected by CVE-2025-27636?

Maven org.apache.camel:camel-support is affected in >=3.10.0 =4.0.0-M1 =4.9.0 <4.10.2.

Is CVE-2025-27636 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 79.8%.

medium

CVE-2025-27636

Q: Is CVE-2025-27636 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 79.8%.

Maven · org.apache.camel:camel-support

Summary

Apache Camel: Camel Message Header Injection via Improper Filtering

Severity: medium
EPSS: 79.8% (p100)
Also known as: GHSA-2c2h-2855-mf97
Published: 2025-03-09

References

https://nvd.nist.gov/vuln/detail/CVE-2025-27636
https://github.com/apache/camel/commit/23a833eec6131a3cdce6e4b1b40b3ac2035b6adf
https://github.com/apache/camel/commit/45a6b74f7f8af8fd58f197566938a9534392a624

Related advisories

CVE-2025-29891 — medium · Maven/org.apache.camel:camel-support

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.