MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2025-9784

🔴 HIGH

A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malic...

Published
Sep 02, 2025
Last Modified
Sep 02, 2025
Views
10
Bookmarks
0

Description

Request Expert Review

A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).

CVSS Scores

CVSS 3.1 7.5
7.5
HIGH
CVSS 2.0 7.5

References

access.redhat.com bugzilla.redhat.com

Additional Information

Source
secalert@redhat.com
State
Awaiting analysis

Related CVEs

CVE-2025-13264

MEDIUM

A security flaw has been discovered in SourceCodester Online Magazine Management System 1.0. This affects an unknown part of the file /view_magazine.p...

Score: 6.3

CVE-2025-13263

MEDIUM

A vulnerability was identified in SourceCodester Online Magazine Management System 1.0. Affected by this issue is some unknown functionality of the fi...

Score: 6.3

CVE-2025-13262

HIGH

A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file pla...

Score: 7.3

CVE-2025-13284

CRITICAL

ThinPLUS developed by ThinPLUS has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands an...

Score: 9.8

CVE-2025-13283

HIGH

TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Copy and Paste vulnerability. The application sets up a simple local web server...

Score: 7.1

CVE-2025-13282

HIGH

TenderDocTransfer developed by Chunghwa Telecom has a Arbitrary File Delete vulnerability. The application sets up a simple local web server and provi...

Score: 8.1

Share CVE-2025-9784

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2025-9784 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis