CVE-2026-25747 Overview
CVE-2026-25747 is a deserialization of untrusted data vulnerability [CWE-502] in the Apache Camel LevelDB component. The DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. An attacker who can write to the LevelDB database files used by a Camel application can inject a crafted serialized Java object. When the aggregation repository deserializes that object during normal operation, the payload executes arbitrary code in the context of the application.
Critical Impact
Attackers with write access to LevelDB files can achieve arbitrary code execution in the Apache Camel application context, leading to full compromise of confidentiality, integrity, and availability.
Affected Products
- Apache Camel 4.10.0 through 4.10.7 (LTS)
- Apache Camel 4.14.0 through 4.14.4 (LTS)
- Apache Camel 4.15.0 through 4.17.x
Discovery Timeline
- 2026-02-23 - CVE-2026-25747 published to NVD
- 2026-02-26 - Last updated in NVD database
Technical Details for CVE-2026-25747
Vulnerability Analysis
The vulnerability resides in the Camel-LevelDB component, which provides an aggregation repository backed by a LevelDB key-value store. Apache Camel uses Java native serialization to persist aggregation state between processing steps. The DefaultLevelDBSerializer reads stored values through ObjectInputStream.readObject() with no allow-list, no ObjectInputFilter, and no constraints on which classes can be loaded.
This pattern is a textbook unsafe deserialization sink. Any gadget chain present on the application classpath, such as those from Commons Collections, Spring, or Groovy, can be triggered during deserialization, so exploitability is bounded by the dependency set actually deployed with the route, not by anything the serializer checks. The result is arbitrary code execution inside the Java Virtual Machine running the Camel route.
Root Cause
The root cause is the absence of input filtering on the deserialization stream. Java introduced ObjectInputFilter in JEP 290 to constrain class graphs read from ObjectInputStream, but the Camel-LevelDB serializer does not install one. The serializer treats persisted bytes as trusted, even though the LevelDB files reside on disk and may be writable by other processes or users.
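As an added illustration, not Apache Camel's code and not the patch, the following Java program (Java 9 or later for ObjectInputFilter) places the unfiltered sink described above beside the JEP 290 fix. The record type, the stand-in class that plays the role of a planted object, and the filter pattern are assumptions chosen for the demo. The pattern mirrors what the jdk.serialFilter property does JVM-wide, but here the filter is installed on the one stream that reads persisted data, which is where a serializer would fix this at the source.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;

/*
 * Added demo of the vulnerable pattern and its JEP 290 fix. NOT Apache Camel
 * code: the record type, the stand-in "planted" class and the filter pattern
 * are assumptions for the illustration.
 */
public class DeserializationFilterDemo {

    /** Stand-in for the value type a repository legitimately persists. */
    public static final class AggregationRecord implements Serializable {
        private static final long serialVersionUID = 1L;
        final String correlationId;
        final Map<String, String> headers;
        AggregationRecord(String correlationId, Map<String, String> headers) {
            this.correlationId = correlationId;
            this.headers = headers;
        }
    }

    /** Harmless proxy for a class that must never appear in persisted data (a real gadget would run code). */
    public static final class UnexpectedType implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    /** Vulnerable sink: whatever class name the stream names gets resolved and instantiated. */
    static Object unsafeDeserialize(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return ois.readObject();
        }
    }

    /** Hardened sink: an allow-list filter installed on this stream only. */
    static Object filteredDeserialize(byte[] data) throws IOException, ClassNotFoundException {
        // Patterns are tried in order and the first match wins, so the explicit allows
        // precede the catch-all reject. maxdepth/maxrefs bound the object graph so a
        // stream cannot exhaust the heap before a disallowed class is reached.
        ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                "maxdepth=10;maxrefs=200;"
              + DeserializationFilterDemo.class.getName() + "$AggregationRecord;"
              + "java.util.HashMap;java.lang.String;"
              + "!*");
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            ois.setObjectInputFilter(filter);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> headers = new HashMap<>();
        headers.put("CamelAggregatedSize", "3");
        byte[] legitimate = serialize(new AggregationRecord("order-42", headers));
        byte[] planted = serialize(new UnexpectedType()); // what an attacker with write access would store

        // Unfiltered: both streams deserialize; with a real gadget the second would already have run code.
        System.out.println("unsafe, legitimate  : " + unsafeDeserialize(legitimate).getClass().getSimpleName());
        System.out.println("unsafe, planted     : " + unsafeDeserialize(planted).getClass().getSimpleName());

        // Filtered: legitimate data still round-trips ...
        System.out.println("filtered, legitimate: " + filteredDeserialize(legitimate).getClass().getSimpleName());
        // ... but the planted class is refused when its descriptor is read, before any of its code runs.
        try {
            filteredDeserialize(planted);
        } catch (InvalidClassException e) {
            System.out.println("filtered, planted   : rejected (" + e.getMessage() + ")");
        }
    }
}
```

The rejection surfaces as java.io.InvalidClassException with the message "filter status: REJECTED", which is also the exception to expect in application logs once a filter is in place and a non-allow-listed class turns up in the store.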
Attack Vector
Exploitation requires the attacker to write crafted bytes into the LevelDB database files used by the target Camel application. This can occur through compromised file system access, shared storage misconfiguration, or any upstream flaw that lets an attacker influence aggregation repository contents. Once the malicious entry is persisted, the next aggregation read triggers readObject() and executes the embedded gadget chain.
No authentication to the Camel application itself is required: the prerequisite is write access to the LevelDB store, not to Camel. That makes this a local or host-adjacent vector by default; it becomes reachable from other hosts only where the store directory sits on shared or network-attached storage that other machines or tenants can write. A public proof of concept is referenced in the GitHub PoC Repository and discussed on the Openwall OSS Security list.
Detection Methods for CVE-2026-25747
Indicators of Compromise
- Unexpected child processes spawned by the Java process hosting Apache Camel, particularly shells, curl, wget, or scripting interpreters.
- Modifications to LevelDB files (*.ldb, *.log, MANIFEST-*) by accounts other than the Camel service identity.
- Outbound network connections from the Camel JVM to unknown hosts following aggregation route processing.
- Stack traces in application logs referencing DefaultLevelDBSerializer, ObjectInputStream.readObject, and unexpected gadget classes such as InvokerTransformer or TemplatesImpl. Once a patched release or a JVM-wide filter is in place, a java.io.InvalidClassException reporting "filter status: REJECTED" on the same path means a non-allow-listed class was present in the store and should be investigated rather than suppressed.
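The stack-trace indicator above, as an added example that is not part of the original page and not Camel or vendor tooling: a small Java scanner (Java 16 or later for records) that groups log lines into stack traces and flags those that pass through DefaultLevelDBSerializer and readObject(), raising the severity when a known gadget class is also on the stack. The sample log, the frame and method names in it, and the starter gadget list are constructed for the demo.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

/*
 * Added detection helper, not Camel or vendor code. The sample log, the frame
 * names and the gadget marker list are constructed for the demo; extend the
 * markers to whatever gadget libraries are actually on your classpath.
 */
public class DeserializationTraceScanner {

    // Frame inside the LevelDB serializer (package prefix left open on purpose).
    static final Pattern SINK_FRAME = Pattern.compile("\\bat .*DefaultLevelDBSerializer\\.");
    // readObject frame, with or without the "java.base/" module prefix newer JDKs print.
    static final Pattern READ_OBJECT_FRAME =
            Pattern.compile("\\bat (?:java\\.base/)?java\\.io\\.ObjectInputStream\\.readObject\\(");
    // Classes that have no business inside an aggregation-repository stream (assumed starter list).
    static final String[] GADGET_MARKERS = {
            "org.apache.commons.collections.functors.InvokerTransformer",
            "org.apache.commons.collections4.functors.InvokerTransformer",
            "com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl",
    };

    public enum Severity { REVIEW, ALERT }

    public record Finding(Severity severity, String header, List<String> gadgets) { }

    /** True for continuation lines of a Java stack trace ("at ...", "Caused by:", "... N more"). */
    static boolean isTraceLine(String line) {
        String t = line.stripLeading();
        return t.startsWith("at ") || t.startsWith("Caused by:")
                || t.startsWith("Suppressed:") || t.startsWith("... ");
    }

    /** Groups each non-frame line with the frames that follow it, then classifies every group. */
    public static List<Finding> scan(String logText) {
        List<Finding> findings = new ArrayList<>();
        List<String> block = new ArrayList<>();
        for (String line : logText.split("\\R")) {
            if (isTraceLine(line)) {
                block.add(line);
                continue;
            }
            classify(block, findings);
            block = new ArrayList<>();
            block.add(line); // a non-frame line (log message or exception line) starts a new candidate block
        }
        classify(block, findings);
        return findings;
    }

    static void classify(List<String> block, List<Finding> out) {
        if (block.isEmpty()) return;
        boolean sink = false, readObject = false;
        List<String> gadgets = new ArrayList<>();
        for (String line : block) {
            if (SINK_FRAME.matcher(line).find()) sink = true;
            if (READ_OBJECT_FRAME.matcher(line).find()) readObject = true;
            for (String g : GADGET_MARKERS) {
                if (line.contains(g) && !gadgets.contains(g)) gadgets.add(g);
            }
        }
        if (!(sink && readObject)) return; // traces through other code paths are ignored
        // Sink + readObject alone is what a filter rejection after patching looks like: review it.
        // A gadget frame on the same stack means the payload was already executing: alert.
        Severity sev = gadgets.isEmpty() ? Severity.REVIEW : Severity.ALERT;
        out.add(new Finding(sev, block.get(0), gadgets));
    }

    /** Constructed sample: a benign trace, a post-patch filter rejection, and a trace with a gadget on the stack. */
    static final String SAMPLE_LOG = String.join("\n",
        "10:15:02.117 WARN  route1 - Failed to aggregate exchange",
        "java.lang.IllegalArgumentException: missing correlation key",
        "\tat org.apache.camel.processor.aggregate.AggregateProcessor.process(AggregateProcessor.java)",
        "10:15:07.442 ERROR route1 - Error recovering exchange from repository",
        "java.io.InvalidClassException: filter status: REJECTED",
        "\tat java.base/java.io.ObjectInputStream.filterCheck(ObjectInputStream.java)",
        "\tat java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java)",
        "\tat org.apache.camel.component.leveldb.DefaultLevelDBSerializer.deserialize(DefaultLevelDBSerializer.java)",
        "10:16:11.009 ERROR route1 - Error recovering exchange from repository",
        "java.lang.NullPointerException: cannot invoke transform()",
        "\tat org.apache.commons.collections.functors.InvokerTransformer.transform(InvokerTransformer.java)",
        "\tat org.apache.commons.collections.functors.ChainedTransformer.transform(ChainedTransformer.java)",
        "\tat java.base/java.io.ObjectInputStream.readObject(ObjectInputStream.java)",
        "\tat org.apache.camel.component.leveldb.DefaultLevelDBSerializer.deserialize(DefaultLevelDBSerializer.java)");

    public static void main(String[] args) {
        for (Finding f : scan(SAMPLE_LOG)) {
            System.out.println(f.severity() + ": " + f.header()
                    + (f.gadgets().isEmpty() ? "" : "  gadget classes " + f.gadgets()));
        }
    }
}
```

On the constructed sample the scanner reports one REVIEW finding (the filter rejection) and one ALERT finding (InvokerTransformer under readObject inside the serializer); the first trace, which never touches the serializer, is ignored. The same two-tier rule ports directly to a SIEM query: match on the sink and readObject frames within one trace, and escalate when a gadget class name co-occurs.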
Detection Strategies
- Inventory all Apache Camel deployments and flag versions in the affected ranges 4.10.0–4.10.7, 4.14.0–4.14.4, and 4.15.0–4.17.x.
- Monitor process lineage for the Camel JVM and alert when it spawns child processes it has no reason to create (shells, script interpreters, download tools); process telemetry cannot attribute the spawn to a specific route, so correlate with aggregation activity in the application logs.
- Apply file integrity monitoring to LevelDB directories used by Camel aggregation repositories.
- Inspect heap dumps and thread stacks for deserialization gadget chains during incident triage.
Monitoring Recommendations
- Forward Java process telemetry, file access events, and outbound network connections to a centralized analytics platform for correlation across hosts.
- Alert on any write to LevelDB store paths by users or services outside the Camel runtime identity.
- Track JVM exit codes and unexpected restarts of Camel applications; a gadget chain that throws after partial execution, or a filter rejection on a repository read, can take the route or the process down.
How to Mitigate CVE-2026-25747
Immediate Actions Required
- Upgrade Apache Camel to a fixed release: 4.18.0 for the current line, 4.10.9 for the 4.10.x LTS line, or 4.14.5 for the 4.14.x LTS line.
- Restrict file system permissions on LevelDB aggregation repository directories so only the Camel service account has write access.
- Audit recent changes to LevelDB store files and review aggregation routes for anomalous processing.
- Rotate credentials and secrets accessible to the Camel application if compromise is suspected.
Patch Information
Apache published the fix in the Apache Camel Security Advisory. Upgrade to 4.18.0, 4.14.5, or 4.10.9 depending on the deployed branch. The patched releases add filtering to the LevelDB deserialization path.
Workarounds
- If immediate upgrade is not possible, replace the LevelDB aggregation repository with an alternative repository implementation that does not rely on Java native serialization. Check this before switching: a repository that merely stores its serialized form elsewhere (another file or a database column) moves the trust boundary without removing the unfiltered readObject() call.
- Place LevelDB files on storage accessible only to the Camel process, removing any shared write paths.
- Configure a JVM-wide ObjectInputFilter via the jdk.serialFilter system property. The filter has to allow the classes Camel legitimately writes to the store (the exchange holder plus the body and header types the routes aggregate) and reject everything else; a blanket reject such as '!*' stops the exploit but also breaks the repository's own reads. The property applies to every ObjectInputStream in the JVM, so run the candidate filter in a staging environment first and watch for java.io.InvalidClassException with the message "filter status: REJECTED", which is how a rejected class surfaces.
# Configuration example: JVM-wide deserialization allow-list.
# The class patterns are illustrative (the holder class the repository persists
# plus JDK value types); derive the real list from the types your routes
# aggregate. Patterns are tried in order and the first match wins, so the
# catch-all reject '!*' must come last. maxdepth/maxrefs bound the object graph.
java -Djdk.serialFilter='maxdepth=20;maxrefs=10000;org.apache.camel.support.DefaultExchangeHolder;java.lang.*;java.util.*;!*' \
     -jar camel-application.jar
# The LevelDB store location is configured on the LevelDBAggregationRepository
# (persistentFileName), not through a JVM system property.
# Restrict the LevelDB directory to the Camel service account: directory 700, files 600
chown -R camel:camel /var/lib/camel/leveldb
chmod 700 /var/lib/camel/leveldb
find /var/lib/camel/leveldb -type f -exec chmod 600 {} +
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


