CVE-2025-32996

Medienbericht

EPSS 0.39%
Veröffentlicht 15.04.2025 00:00:00
Zuletzt bearbeitet 21.10.2025 14:43:20
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

NVD 2 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Chimurai ≫ Http-proxy-middleware Version < 2.0.8

Chimurai ≫ Http-proxy-middleware Version >= 3.0.0 < 3.0.4

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.39%	0.301

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
cve@mitre.org	4	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L

CWE-670 Always-Incorrect Control Flow Implementation

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

09.08.2025 11:36

https://github.com/chimurai/http-proxy-middleware/commit/020976044d113fc0bcbbaf995e91d05e2829a145

Patch

https://github.com/chimurai/http-proxy-middleware/pull/1089

Issue Tracking

https://github.com/chimurai/http-proxy-middleware/releases/tag/v2.0.8

Release Notes

https://github.com/chimurai/http-proxy-middleware/releases/tag/v3.0.4

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2025-32996

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-32996

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-32996

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-32996