CVE-2025-32094

EPSS 0.04%
Published 07.08.2025 00:00:00
Last modified 07.08.2025 21:26:37
Source cve@mitre.org
Teams watchlist Login
Open Login

An issue was discovered in Akamai Ghost, as used for the Akamai CDN platform before 2025-03-26. Under certain circumstances, a client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can lead to a discrepancy in how two in-path Akamai servers interpret the request, allowing an attacker to smuggle a second request in the original request body.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorAkamai

≫

Product AkamaiGhost

Default Statusunaffected

Version < 2025-03-26

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.127

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
cve@mitre.org	4	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/100

https://www.rfc-editor.org/rfc/rfc9112.html#name-obsolete-line-folding

https://www.akamai.com/blog/security/cve-2025-32094-http-request-smuggling

https://www.blackhat.com/us-25/briefings/schedule/#http1-must-die-the-desync-endgame-45103

https://nvd.nist.gov/vuln/detail/CVE-2025-32094

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-32094

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-32094

EUVD