CVE-2025-6442 – WEBrick HTTP Request Smuggling Vulnerability

June 25, 2025

CVE ID : CVE-2025-6442

Published : June 25, 2025, 5:15 p.m. | 1 hour, 24 minutes ago

Description : Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions.

The specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6616 – D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

Next Article CVE-2025-5015 – AccuWeather Custom RSS Widget Cross-Site Scripting Vulnerability

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2025-6442 – WEBrick HTTP Request Smuggling Vulnerability

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

La rivoluzione architetturale di AerynOS: Non solo una distribuzione GNU/Linux

I switched to a color E Ink tablet for months, and it beats the ReMarkable in key ways

CVE-2025-54128 – HAX CMS NodeJs allows users to manage their micros

Microsoft Bing is stealing tens of millions of Google’s search users according to the latest data

OpenAI used to test its AI models for months – now it’s days. Why that matters

Big Node, VS Code, and Mantine updates

Windows 11 Pro vs Home vs Enterprise: Full Comparison

CVE-2025-44040 – OrangeHRM Privilege Escalation Vulnerability

CVE-2025-6442 – WEBrick HTTP Request Smuggling Vulnerability

Related Posts