

Multiple Google Chrome Vulnerabilities
March 12, 2025
Enhanced Obfuscation in New XCSSET Malware Targeting macOS Users – Active IOCs
March 12, 2025
Severity
High
Analysis Summary
A security flaw in Apache Camel's default header filtering (CVE-2025-27636) can lead to remote code execution. Camel's HTTP-facing components strip Camel-internal headers (those prefixed with Camel, camel or org.apache.camel) from inbound requests, but the filter compared the prefix case-sensitively while Camel's own header lookup is case-insensitive. An attacker can therefore inject a mixed-case variant such as CAmelExecCommandExecutable that passes the filter and is still honored by the Exec component, overriding the command a route was configured to run. The flaw affects Apache Camel 4.10.0 through 4.10.1, 4.8.0 through 4.8.4, and 3.10.0 through 3.22.3. Apache rated the issue moderate; some third-party reports assigned it a CVSS score of 9.8, and the practical severity depends on whether an exposed route delivers inbound headers to the exec or bean components.
Exploitation consists of sending an HTTP request carrying the mixed-case headers to a route exposed through a Camel HTTP server component. For example, a route wired to exec:whoami can be made to run ls, listing directory contents, or ping -c 2 8.8.8.8 for network reconnaissance; from there the usual follow-on activity applies, from dropping credential harvesters or a reverse shell to establishing persistence and moving laterally. Because correctly cased Camel headers are still filtered, a quick test with the documented header name suggests the route is safe when it is not. The documented targets are the exec and bean components, but any component that takes its behavior from Camel-prefixed headers is reachable through the same bypass.
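The bypass and a matching detection, as an added example (not code from this page or from the Apache Camel project): a Python model of the case-sensitive prefix filter described above next to the patched case-insensitive one, a model of the exec component's header lookup, and a detector that flags Camel-looking header names in non-canonical case. The prefix list (Camel, camel, org.apache.camel), the case-insensitive header map, and all function names are assumptions made for the example; the HTTP request is constructed, not captured.

```python
"""Model of the CVE-2025-27636 header-filter bypass and a detector for it.

Added example, not Apache Camel code. Assumptions (marked below): the
pre-patch filter compared header-name prefixes case-sensitively, the patched
filter compares them case-insensitively, and Camel's own header lookup is
case-insensitive, which is what turns the filter gap into command override.
"""
import re

# Prefixes the default HeaderFilterStrategy treats as Camel-internal
# (assumption about the exact prefix list).
INTERNAL_PREFIXES = ("Camel", "camel", "org.apache.camel")
EXEC_COMMAND_HEADER = "CamelExecCommandExecutable"


def parse_headers(raw_request: str) -> dict:
    """Parse the header block of a raw HTTP/1.1 request into a dict."""
    headers = {}
    for line in raw_request.split("\r\n")[1:]:   # skip the request line
        if not line:                             # blank line ends the headers
            break
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    return headers


def filter_headers_vulnerable(headers: dict) -> dict:
    """Pre-patch behavior: case-sensitive prefix check, so 'CAmel...' survives."""
    return {n: v for n, v in headers.items() if not n.startswith(INTERNAL_PREFIXES)}


def filter_headers_patched(headers: dict) -> dict:
    """Patched behavior: the same check applied to the lower-cased name."""
    lowered = tuple(p.lower() for p in INTERNAL_PREFIXES)
    return {n: v for n, v in headers.items() if not n.lower().startswith(lowered)}


def resolve_exec_command(configured: str, headers: dict, filter_fn) -> str:
    """Command the exec component would run after the given filter has run.

    Camel stores headers in a case-insensitive map (assumption), so any
    surviving spelling of CamelExecCommandExecutable overrides the route's
    configured executable.
    """
    for name, value in filter_fn(headers).items():
        if name.lower() == EXEC_COMMAND_HEADER.lower():
            return value
    return configured


# Detection: a Camel-looking name that is NOT in canonical case is the bypass
# pattern itself; legitimate clients have no reason to send such headers.
_CAMEL_LIKE = re.compile(r"^(camel|org\.apache\.camel)", re.IGNORECASE)


def find_bypass_headers(headers: dict) -> list:
    """Return header names that pass the vulnerable filter but not the patched one."""
    return [n for n in headers
            if _CAMEL_LIKE.match(n) and not n.startswith(INTERNAL_PREFIXES)]


# Constructed sample request (not a captured artifact) using the mixed-case
# header variant named in the advisory.
SAMPLE_REQUEST = (
    "POST /run HTTP/1.1\r\n"
    "Host: camel.example.internal\r\n"
    "User-Agent: curl/8.5.0\r\n"
    "CAmelExecCommandExecutable: ls\r\n"
    "CAmelExecCommandArgs: -la /\r\n"
    "\r\n"
)


def demo() -> dict:
    """Run the sample request through both filters and the detector."""
    headers = parse_headers(SAMPLE_REQUEST)
    return {
        "vulnerable": resolve_exec_command("whoami", headers, filter_headers_vulnerable),
        "patched": resolve_exec_command("whoami", headers, filter_headers_patched),
        "flagged": find_bypass_headers(headers),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The detector deliberately does not flag canonically cased Camel headers: those are dropped by the filter on every affected version, so a request carrying them is noise, whereas a mixed-case variant has no legitimate sender and is worth an alert on its own.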
Apache fixed the issue in 4.10.2, 4.8.5 and 3.22.4 by making the header filter case-insensitive. Organizations running Camel should upgrade to these versions; until then, strip inbound headers before they reach exec or bean endpoints (for example with removeHeaders("*") in the route, or a custom HeaderFilterStrategy that lower-cases names before comparing them) and restrict HTTP endpoints to trusted networks. Modifying the ExecBinding class to normalize header case is a further stopgap, but it hardens one consumer rather than the filter that all of them share. Camel is widely deployed in cloud-native environments, including Kubernetes clusters that use it for service orchestration, and a proof-of-concept request is trivial to craft, so affected integrations should be patched promptly.
The broader lesson is that case handling must be consistent between the code that filters an input and the code that consumes it: a case-insensitive consumer behind a case-sensitive filter is a bypass waiting to be found, in any middleware, not only Camel. Beyond patching, audit every HTTP-exposed Camel route for components that act on headers, validate header names as well as header values, and monitor for requests carrying Camel-like headers in unexpected casing.
Impact
- Sensitive Credentials Theft
- Gain Access
- Code Execution
Indicators of Compromise
CVE
CVE-2025-27636
Remediation
- Update to a patched version immediately: 4.10.2, 4.8.5 or 3.22.4.
- Until patched, make Camel header filtering case-insensitive, for example with a custom HeaderFilterStrategy that compares lower-cased header names.
- Add regex-based filtering at the edge (WAF or reverse proxy) that blocks any header whose name matches ^camel or ^org\.apache\.camel regardless of case.
- Override the ExecBinding class to enforce strict header validation if the shared filter cannot be changed.
- Expose Apache Camel HTTP endpoints only to trusted networks.
- Apply firewall rules and access control lists (ACLs) to restrict inbound requests.
- Audit all HTTP-exposed Camel routes, in particular those that reach exec or bean endpoints.
- Log and alert on command execution that does not match a route's configured executable.
- Monitor network traffic for signs of lateral movement and unauthorized activity.
- Validate all user-controlled input, including header names and not only header values.
- Run services that execute commands under least privilege.
- Deploy endpoint protection and intrusion detection systems to detect abnormal behavior.