CVE-2025-47905 — HTTP Request Smuggling in Varnish Cache

CWE-444 — HTTP Request Smuggling6 documents6 sources

Severity

5.4MEDIUMNVD

EPSS

0.3%

top 47.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Varnish-software Varnish Cache Varnish-cache Varnish

Timeline

PublishedMay 13

Latest updateMay 14

Description

Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6.0.13r14, allow client-side desync via HTTP/1 requests, because the product incorrectly permits CRLF to be skipped to delimit chunk boundaries.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:NExploitability: 2.2 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5varnish-software/varnish_cache7.0.0 — 7.6.3+2

▶Debianvarnish-cache/varnish< 6.5.1-1+deb11u5+3

🔴Vulnerability Details

GHSA

GHSA-cvpp-rmjx-5x2m: Varnish Cache before 7↗2025-05-14

▶

CVEList

CVE-2025-47905: Varnish Cache before 7↗2025-05-13

▶

OSV

CVE-2025-47905: Varnish Cache before 7↗2025-05-13

▶

📋Vendor Advisories

Red Hat

varnish: request smuggling attacks↗2025-05-13

▶

Debian

CVE-2025-47905: varnish - Varnish Cache before 7.6.3 and 7.7 before 7.7.1, and Varnish Enterprise before 6...↗2025

▶