{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-4366", "assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "state": "PUBLISHED", "assignerShortName": "cloudflare", "dateReserved": "2025-05-05T17:42:10.923Z", "datePublished": "2025-05-22T15:50:20.789Z", "dateUpdated": "2025-06-18T13:46:25.042Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/cloudflare/pingora", "defaultStatus": "unaffected", "packageName": "Pingora", "repo": "https://github.com/cloudflare/pingora", "versions": [{"lessThan": "0.5.0", "status": "affected", "version": "0", "versionType": "git"}]}], "datePublic": "2025-05-22T15:11:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p><span style=\"background-color: rgb(244, 249, 250);\">A request smuggling vulnerability identified within Pingora\u2019s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning.</span></p><p><span style=\"background-color: transparent;\">Fixed in:</span><span style=\"background-color: transparent;\">&nbsp;</span><a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff\"><span style=\"background-color: transparent;\">https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff</span></a></p><p><span style=\"background-color: transparent;\">Impact: The issue could lead to request smuggling in cases where Pingora\u2019s proxying framework, pingora-proxy, is used for caching allowing an attacker to manipulate headers and URLs in subsequent requests made on the same HTTP/1.1 connection.</span></p><br><br>"}], "value": "A request smuggling vulnerability identified within Pingora\u2019s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning.\n\nFixed in:\u00a0 https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff \n\nImpact: The issue could lead to request smuggling in cases where Pingora\u2019s proxying framework, pingora-proxy, is used for caching allowing an attacker to manipulate headers and URLs in subsequent requests made on the same HTTP/1.1 connection."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "baseScore": 7.4, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-444", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "shortName": "cloudflare", "dateUpdated": "2025-05-22T15:50:20.789Z"}, "references": [{"url": "https://github.com/cloudflare/pingora"}], "source": {"discovery": "EXTERNAL"}, "title": "Request Smuggling Vulnerability in Pingora", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-22T18:30:25.819289Z", "id": "CVE-2025-4366", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-18T13:46:25.042Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4366", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-22T18:30:25.819289Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-22T18:31:57.892Z"}}], "cna": {"title": "Request Smuggling Vulnerability in Pingora", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.4, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/cloudflare/pingora", "versions": [{"status": "affected", "version": "0", "lessThan": "0.5.0", "versionType": "git"}], "packageName": "Pingora", "collectionURL": "https://github.com/cloudflare/pingora", "defaultStatus": "unaffected"}], "datePublic": "2025-05-22T15:11:00.000Z", "references": [{"url": "https://github.com/cloudflare/pingora"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "A request smuggling vulnerability identified within Pingora\u2019s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning.\n\nFixed in:\u00a0 https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff \n\nImpact: The issue could lead to request smuggling in cases where Pingora\u2019s proxying framework, pingora-proxy, is used for caching allowing an attacker to manipulate headers and URLs in subsequent requests made on the same HTTP/1.1 connection.", "supportingMedia": [{"type": "text/html", "value": "<p><span style=\"background-color: rgb(244, 249, 250);\">A request smuggling vulnerability identified within Pingora\u2019s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning.</span></p><p><span style=\"background-color: transparent;\">Fixed in:</span><span style=\"background-color: transparent;\">&nbsp;</span><a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff\"><span style=\"background-color: transparent;\">https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff</span></a></p><p><span style=\"background-color: transparent;\">Impact: The issue could lead to request smuggling in cases where Pingora\u2019s proxying framework, pingora-proxy, is used for caching allowing an attacker to manipulate headers and URLs in subsequent requests made on the same HTTP/1.1 connection.</span></p><br><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-444", "description": "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')"}]}], "providerMetadata": {"orgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "shortName": "cloudflare", "dateUpdated": "2025-05-22T15:50:20.789Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4366", "state": "PUBLISHED", "dateUpdated": "2025-06-18T13:46:25.042Z", "dateReserved": "2025-05-05T17:42:10.923Z", "assignerOrgId": "a22f1246-ba21-4bb4-a601-ad51614c1513", "datePublished": "2025-05-22T15:50:20.789Z", "assignerShortName": "cloudflare"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cloudflare:pingora:*:*:*:*:*:*:*:*", "matchCriteriaId": "10BF1E0B-6C78-4B5B-B8A0-44705166D34A", "versionEndExcluding": "0.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A request smuggling vulnerability identified within Pingora\u2019s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning.\n\nFixed in:\u00a0 https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff \n\nImpact: The issue could lead to request smuggling in cases where Pingora\u2019s proxying framework, pingora-proxy, is used for caching allowing an attacker to manipulate headers and URLs in subsequent requests made on the same HTTP/1.1 connection."}, {"lang": "es", "value": "Una vulnerabilidad de contrabando de solicitudes identificada en pingora-proxy, el framework de proxy de Pingora, permite la inyecci\u00f3n de solicitudes HTTP maliciosas mediante cuerpos de solicitud manipulados en los HIT de cach\u00e9, lo que provoca la ejecuci\u00f3n no autorizada de solicitudes y un posible envenenamiento de la cach\u00e9. Corregido en: https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff https://github.com/cloudflare/pingora/commit/fda3317ec822678564d641e7cf1c9b77ee3759ff Impacto: El problema podr\u00eda provocar contrabando de solicitudes cuando se utiliza pingora-proxy, el framework de proxy de Pingora, para el almacenamiento en cach\u00e9, lo que permite a un atacante manipular encabezados y URL en solicitudes posteriores realizadas en la misma conexi\u00f3n HTTP/1.1."}], "id": "CVE-2025-4366", "lastModified": "2025-08-06T17:01:13.763", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@cloudflare.com", "type": "Secondary"}]}, "published": "2025-05-22T16:15:55.180", "references": [{"source": "cna@cloudflare.com", "tags": ["Product"], "url": "https://github.com/cloudflare/pingora"}], "sourceIdentifier": "cna@cloudflare.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "cna@cloudflare.com", "type": "Secondary"}]}

{}