Is org.apache.camel:camel-support affected by CVE-2025-29891?

Maven org.apache.camel:camel-support is affected in >=3.10.0 =4.9.0 =4.0.0-M1 <4.8.5.

Is CVE-2025-29891 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 72.0%.

medium

CVE-2025-29891

Q: Is CVE-2025-29891 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 72.0%.

Maven · org.apache.camel:camel-support

Summary

Apache Camel Message Header Injection through request parameters

Severity: medium
EPSS: 72.0% (p99)
Also known as: GHSA-96v5-c2h5-56hm
Published: 2025-03-12

References

https://nvd.nist.gov/vuln/detail/CVE-2025-29891
https://github.com/apache/camel/commit/23a833eec6131a3cdce6e4b1b40b3ac2035b6adf
https://github.com/apache/camel/commit/45a6b74f7f8af8fd58f197566938a9534392a624

Related advisories

CVE-2025-27636 — medium · Maven/org.apache.camel:camel-support

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.