CVE-2025-59822

· Published 23/09/2025 19:15 · Modified 24/09/2025 18:11

Labels: CVE-2025-59822, 2025-09-23, CWE-444, [email protected]

Essential information

Published: 23/09/2025 19:15
Modified: 24/09/2025 18:11
Author
Creator
CVSS: 6.3 MEDIUM (v3), 6.3 MEDIUM (v4.0)
CISA KEV: No
CWE
CVSS vector

CVSS metrics

Description

Http4s is a Scala interface for HTTP services. In versions from 1.0.0-M1 to before 1.0.0-M45 and before 0.23.31, http4s is vulnerable to HTTP Request Smuggling due to improper handling of the HTTP trailer section. This vulnerability could enable attackers to bypass front-end servers' security controls, launch targeted attacks against active users, and poison web caches. A prerequisite for exploitation is that the web application is deployed behind a reverse proxy that forwards trailer headers. This issue has been patched in versions 1.0.0-M45 and 0.23.31.

NVD status

Status: Awaiting Analysis. CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product | CPE
http4s / http4s | cpe:2.3:a:http4s:http4s:*:*:*:*:*:*:*:*
http4s / http4s | cpe:2.3:a:http4s:http4s:<1.0.0-M45:*:*:*:*:*:*:*
http4s / http4s | cpe:2.3:a:http4s:http4s:<0.23.31:*:*:*:*:*:*:*

References